Computer Weekly – 14 April 2026: How Nvidia's risky move paid off

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Sun, 19 Apr 2026 22:59:14 GMT https://www.theserverside.com editor@techtarget.com In this week's Computer Weekly, we talk to Nvidia, the chip company at the centre of the AI revolution, about how its 20-year technology bet paid off. Oracle is laying off 30,000 workers – we find out what's behind the controversial move. And we analyse the risks and opportunities from edge AI. Read the issue now. https://www.bitpipe.com/detail/RES/1776096986_132.html Mon, 20 Apr 2026 00:00:00 GMT Computer Weekly – 14 April 2026: How Nvidia's risky move paid off <p>According to its most ardent proponents, AI is well on its way to creating a new, nirvana-like SOC, in which exposure and threat detection windows are measured in seconds, and human operators are liberated from endless alert triage and chronic overwork.</p> <p>Its fiercest detractors, on the other hand, warn that AI could create an apocalyptic cyber-hellscape in which organizations' ungoverned use of agentic AI exposes their sensitive data, and attackers find and exploit vulnerabilities at machine speed.</p> <p>The truth likely lies somewhere in the murky middle. AI, like any powerful tool, can be a force for good or evil -- and without proper safety oversight, it can create more problems than it solves.</p> <p>Programming at RSAC 2026 reflected this push and pull between AI optimism and concern. In this Reporters' Notebook video, Rob Wright, senior news director at Dark Reading; Eric Geller, senior reporter at Cybersecurity Dive; and Alissa Irei, senior site editor at TechTarget SearchSecurity, discussed what they saw and heard at the conference -- and what the federal government's notable absence might mean for an industry wrestling with questions about AI governance and compliance.</p> <p>Watch the full discussion now, and check out the following related articles, all part of the Informa TechTarget editorial team's extensive <a href="https://www.techtarget.com/searchsecurity/conference/RSA-Conference-news-and-analysis">coverage of the RSAC 2026 Conference</a>.</p> <p>For more on AI in cybersecurity:</p> <ul class="default-list"> <li><a target="_blank" href="https://www.darkreading.com/application-security/ai-coding-tools-endpoint-security" rel="noopener">How AI coding tools crushed the endpoint security fortress</a></li> <li><a href="https://www.techtarget.com/searchsecurity/feature/How-AI-caught-a-malicious-North-Korean-insider-at-Exabeam">How AI caught a malicious North Korean insider at Exabeam</a></li> <li><a target="_blank" href="https://www.techtarget.com/searchsecurity/feature/Agentic-AIs-role-in-amplifying-and-creating-insider-risks" rel="noopener">Agentic AI's role in amplifying and creating insider risks</a></li> <li><a target="_blank" href="https://www.darkreading.com/application-security/cisos-debate-human-role-ai-powered-security" rel="noopener">CISOs debate human role in AI-powered security</a></li> <li><a target="_blank" href="https://www.cybersecuritydive.com/news/ai-cyberattacks-changes-defense-offense-strategies/815716/" rel="noopener">'Do not shift budgets to AI': How businesses should and shouldn't respond to evolving threats</a></li> <li><a target="_blank" href="https://www.cybersecuritydive.com/news/ai-isacs-threat-intelligence-information-sharing-trust/815499/" rel="noopener">ISACs confront AI's promise and peril for threat intelligence-sharing</a></li> <li><a target="_blank" href="https://www.darkreading.com/cybersecurity-operations/ai-soc-go-wrong" rel="noopener">AI in the SOC: What could go wrong?</a></li> </ul> <p>For more on the U.S. federal government's absence from the conference and the CVE program's uncertain future:</p> <ul class="default-list"> <li><a target="_blank" href="https://www.cybersecuritydive.com/news/rsac-conference-cybersecurity-partnerships-us-government-trump/816157/" rel="noopener">'Missed opportunity': US government's absence from RSAC Conference leaves stark void</a></li> <li><a target="_blank" href="https://www.darkreading.com/cyber-risk/rsac-eu-leads-us-officials-sidelined" rel="noopener">At RSAC, the EU leads while US officials are sidelined</a></li> <li><a target="_blank" href="https://www.cybersecuritydive.com/news/cve-program-ai-vulnerability-reports-funding/815594/" rel="noopener">The CVE Program, a bedrock of global cyber defense, is teetering on the brink</a></li> </ul> <transcript> <p><b>Editor's note:</b><i> The following transcript has been lightly edited for length and clarity by Informa TechTarget's internal AI assistant.</i></p> <p><b>Dark Reading's Rob Wright:</b> Hi, I'm Rob Wright with Dark Reading.</p> <p><b>TechTarget SearchSecurity's Alissa Irei:</b> I'm Alissa Irei with SearchSecurity.</p> <p><b>Cybersecurity Dive's Eric Geller:</b> And I'm Eric Geller with Cybersecurity Dive.</p> <p><b>Wright:</b> And we are here to talk about RSAC Conference 2026. Yes, RSAC, which happened last week. You both were there on the ground in San Francisco. I was covering it from afar. I have my own thoughts on this, but wanted to see what you thought of the show last week, what you heard, and how it stacked up against the theme of the conference, which stood out to all three of us. Alissa, why don't you take it away?</p> <p><b>Irei:</b> Sure. The theme of the conference was community, which was an interesting and pointed choice because the acronym on everyone's lips at the conference and in general is AI. The choice to underscore the importance of community seemed intentional. It emphasized the importance of human operators and human involvement in AI processes. There's anxiety, not just in our field but in every field, about job replacement and AI use. The organizers were making the point that we still need humans. Artificial intelligence is not intelligent without human operators, and for the safety of ourselves and others, humans need to be involved in these processes. Eric, what was your impression of the conference on the ground versus the theme?</p> <p><b>Geller:</b> Everywhere you looked, there was a focus on AI, particularly understanding the threat landscape and trying to get ahead of it with new defensive solutions. That was a common theme in many sessions, even if they weren't explicitly billed as AI talks. For me, the big theme was the tagline on all the posters, "The Power of Community." However, a major part of the community was missing -- the federal government, which pulled out of the conference a few weeks before it began. Every year, government representatives attend to listen to the community and discuss their own plans. This is one of the places where those conversations are the most fruitful, according to many people I spoke to before and during the conference.</p> <p>There's anxiety about what this absence means. It raises questions about whether the government is as interested in participating in these events as it used to be. There have been cuts at agencies that work closely with the business community and security researchers who make up much of the attendance at RSAC and similar events. This absence was a striking contradiction to the emphasis on community. Many people wondered whether it sends a broader signal. We're looking for more information from the government about the cybersecurity strategy they recently released. Many felt RSAC would have been the perfect place to roll out details about what the strategy means in practice. That didn't happen, leaving a void in conversations typically stewarded by federal agencies.</p> <p><b>Wright:</b> That's interesting. My colleague Becky Bracken at Dark Reading wrote about how other governments, such as those in the EU, brought their cybersecurity experts to discuss developments in their regions. However, the gap left by the US government was noticeable. I wrote a story a few weeks ago about spyware policies and a potential shift in US policy. Many opponents of spyware, including civil society organizations, cybersecurity researchers and vendors specializing in this area, expressed concern about a lack of communication and cooperation with the government. They felt they were flying blind, with no clear strategy or direction. Eric, to your point, this absence has made a major impact.</p> <p><b>Irei:</b> It's an interesting moment of unprecedented change. Ideally, this would be a time for public-private partnerships, cooperation and input from the private sector on public regulations and legislation. The absence of the federal government is notable and unlikely to ease anyone's anxieties about AI, which are already plentiful.</p> <p><b>Wright:</b> My anxiety is off the charts. Let's talk about AI. Managing all the stories coming in and covering sessions, it was clear that AI was a major focus at the show. More than two-thirds of the sessions had some AI component or were solely focused on AI. One thing I found interesting was the split between C-level executives and researchers. Researchers emphasized the need for human oversight and caution with agentic AI rollouts and coding assistants. They called for more guardrails and oversight. On the other hand, some higher-ups argued that human oversight should be eliminated because it slows things down, and the whole point of AI is to speed things up. What were you seeing or hearing?</p> <p><b>Irei:</b> On the business side, there's enthusiasm for new AI use cases and experimentation, often with a "ask for forgiveness, not permission" attitude. And at least from what I saw and heard, this creates opportunities for bad outcomes. Eric, I think you wrote about a session discussing vulnerabilities introduced by vibe coding and the lack of oversight. It's troubling, to say the least. On the flip side, I attended a session with the CISO of Exabeam, who shared an example of agentic AI deployed in their SOC. It autonomously identified a North Korean malicious insider on his first day. According to the CISO, the AI flagged the activity within hours, if not minutes, of the individual logging into his account. Eric, I'll let you weigh in. I know you wrote about this topic.</p> <p><b>Wright:</b> That's a good point.</p> <p><b>Geller</b>: One of the quotes that stood out to me in that panel I covered was a guy who basically said, "If AI wrote your Yarrow rules, you should delete them now because they're probably crap." And it really speaks to this hunger for automation. And also, I think this hunger for, frankly, profit margins. The fewer people you can pay to do this work, the more money you're going to make, the better you're going to look to shareholders, the more venture funding you can raise. This is really only partly about security. It's largely about looking profitable by shedding some of that labor cost.</p> <p>Of course, we've seen what happens when you let the AI run rampant. It miscategorizes things. It could cost you a lot of money if you let it do its thing without human supervision. The theme that emerged in a lot of these talks that focused on AI was not so much a balancing act, but kind of both at the same time. Yes, you want some kind of agentic solution taking those mundane tasks off the plate of your specialized expert human, but you also want some kind of governance framework in place so that there's a human periodically dropping in to review what's going on.</p> <p>If you've got an AI agent that is out of control, you'll see the signs of that when you drop in and check on what it's doing. If it's mismanaging things, if it's mislabeling things, you're going to see evidence of that. And so I think that's where a lot of the conversations ended up: yes, there's a real reason why, especially SOC managers, are looking for ways to change the role of the analyst and bring AI more into the threat analysis part of the job. But at the same time, just as you need human supervisors for human workers, you're going to need human supervisors for AI workers because nothing human or machine is infallible.</p> <p>Particularly at the scale at which some of these companies operate, the stakes involved in protecting the networks or leaving them defenseless are high. We're talking about a lot of money that can be made or lost, and so you do want a human being involved checking the work of the AI agent.</p> <p><b>Wright</b>: Yeah, and that makes sense to me. I know one of the sessions I covered last week, one of the stories I wrote, was from a Check Point session. The researchers basically said that we spent 20 years building up all these security measures to protect our networks, shore up defenses around the endpoint and move execution to the cloud where it's theoretically, or I guess in practice, a lot of times safer.</p> <p>The AI coding assistants were basically punching holes through these defenses and setting security back. Literally, they said it was setting security back a decade because now it was giving attackers a route from their endpoint -- from an employee's endpoint -- to the crown jewels, to development environments, to really important data. That didn't used to be the case. All this work that was being done for the last 10 to 20 years is now just being thrown away.</p> <p>The thing that shocked them was how many companies were rushing to these tools without any acknowledgment that, even without a vulnerability, even if you're not exploiting a critical flaw, you're still creating a tunnel from a simple workstation that's probably underprotected to some really important parts of the network that are highly privileged.</p> <p>They were surprised that people were just going full steam ahead with this stuff and not taking a beat to say, "Hey, is this the best idea? Do we need to do more to protect this? Do we need to do more to oversee what the agents are doing and the privileges we're giving to these coding tools?"</p> <p>I was surprised myself to hear their surprise. Based on what I was seeing and hearing at the show, I don't think that's going to change anytime soon. Even with all the research out there about the various vulnerabilities and the expanding attack surface that AI introduces, it doesn't seem like many organizations or people are going to suddenly say, "We need to take a step back." If anything, it feels like pressure is continually mounting to make the most of your investment in AI and, like Eric said, shed costs, save money and reduce workforces. That was the concerning thing for me -- just seeing that split and that dichotomy.</p> <p><b>Irei</b>: It's tricky too because we talk a lot on SearchSecurity about participating in the discourse around security culture and the importance of security being a business enabler -- not being the department of "no" -- and aligning yourself with business objectives.</p> <p><b>Wright</b>: Hmm.</p> <p><b>Irei</b>: Which is all true and important. On the other hand, the culture does seem, to your point, Rob, like it's going in that direction of full steam ahead. Don't ask questions. Don't say anything that's going to slow down the road to profits generated from AI.</p> <p><b>Wright</b>: Yeah.</p> <p><b>Irei</b>: Yeah, it's distressing, I guess.</p> <p><b>Wright</b>: Any closing thoughts from the show? Takeaways, surprises, anything that stuck out to you other than the stuff we've already talked about?</p> <p><b>Geller</b>: Well, I'll offer one that's sort of related to AI, which is about the CVE program. We've really been hearing a lot of warnings about this program for almost a year. I think it was April of last year when they almost lost their government funding. In the year since then, people have been saying that this is not sustainable.</p> <p>People have been working in Europe to create alternatives to the CVE program. There are at least two of them in operation right now, one of them run by the European Union. In addition to the precariousness of not having a guaranteed government funding source, there's also the other problem battering this program right now: AI.</p> <p>The vulnerability reports are coming in faster than they can handle. A person on the panel about CVE from GitHub said the numbers -- the incredible volume of vulnerability reports submitted through their system -- are staggering. A lot of them are coming from AI agents looking for vulnerabilities. Many are low quality, and many are hallucinating vulnerabilities where none exist.</p> <p>That is an incredible amount of work to sort through. For a program already struggling to classify and label these vulnerabilities just to get them in and out the door and give them a number, AI is making it even harder. It's a tidal wave of reports, most of which are garbage. This is not what this program needed at this moment, but it is a trend that is only going to accelerate.</p> <p>I think about the AI agent that jumped to the top of the HackerOne tables last year in terms of reporting the most vulnerabilities. We're not putting that genie back in the bottle. What that means for the CVE program, which is really at the bedrock of everything in cyberdefense, is something I'll be watching very closely.</p> <p><b>Irei</b>: Yep.</p> <p><b>Wright</b>: All right. I bet the AI companies love this because they're probably going to say, "Well, they're going to need AI to decipher all the AI slop that's coming in and sift through it all to find the good stuff."</p> <p><b>Irei</b>: That makes me think, Rob, about an informal conversation I had with Diana Kelly, the CISO at Noma Security. She gave a talk on model collapse and the inevitability of AI consuming its own content. The theme of the talk was "Idiocracy," the movie. If the models keep consuming their own content, at some point, we all become very, very stupid.</p> <p>That brings us back to the theme of community and the importance of human contributions and intelligence. I'll also add, to be the voice of optimism here, that there were moments in the conference -- like the CISO from Exabeam's talk I mentioned earlier -- where there are exciting examples of AI doing what it's supposed to in the SOC.</p> <p>We know SOC analysts are overworked and overstressed. If these AI agents can alleviate some of that burden, sift through the noise and bubble up actionable items, that would be awesome. Is it the end of the world as we know it or a new level of nirvana in the SOC? Probably somewhere in between would be my guess.</p> <p><b>Wright</b>: I'll try to be optimistic. I like ending on an optimistic note, so we'll leave it there. The power of community and positive thinking about AI and its future applications for cybersecurity.</p> <p><b>Irei</b>: The power of community.</p> <p><b>Wright</b>: Yeah, there we go. Thanks so much, guys. Really appreciate it.</p> </transcript> Depending on whom you ask, AI could mean the end of the world as we know it, or the beginning of a new era of ease and enlightenment in the SOC. Learn more in this video discussion. https://www.techtarget.com/searchsecurity/video/At-RSAC-2026-AI-optimism-and-anxiety-and-an-MIA-US-government Fri, 17 Apr 2026 16:48:00 GMT At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government <p>The Boston Marathon on April 20 covers 26.2 miles across eight cities and towns in Massachusetts. While the world focuses on the runners, what about the network that keeps everything on track from start to finish?</p> <p>For the 10-person networking team from Tusker, the IT services company that has been setting up and running this "pop-up network city" for 30 years, its marathon starts 10 days before the runners line up. Tusker's team installs network switches, wireless access points and other equipment throughout the course, including the finish line, medical tents, Fan Fest at City Hall Plaza and the Expo held at the Hynes Convention Center.</p> <p>"It's the most amount of work we do to build an enterprise network that is up and running for the shortest amount of time," Kevin Meany, CTO of networking technology & solutions at Tusker, told Informa TechTarget.</p> <p>The network is fully operational for about three days before Tusker breaks it all down. Even though this network is temporary, it must be strong.</p> <p>"Any problems [at the] Boston Marathon, that could be national news. So, we want to make sure that everything is working perfectly," said Matt Barry, CIO practice lead at BostonCIO and technology consultant for the Boston Athletic Association (<a href="https://www.baa.org/" target="_blank" rel="noopener">BAA</a>), which organizes the event.</p> <p>The Boston Marathon is not just a test of endurance for runners but also a showcase of networking performance under pressure. Read about how advanced technology, from <a href="https://www.techtarget.com/iotagenda/definition/RFID-radio-frequency-identification" target="_blank" rel="noopener">RFID tags</a> to cloud computing, transforms the marathon experience for participants, spectators and organizers.</p> <section class="section main-article-chapter" data-menu-title="Better IT infrastructure creates a better user experience"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Better IT infrastructure creates a better user experience</h2> <p>While the course hasn't changed much in 130 years, technology certainly has. Organizers recognize IT investments as enabling a better experience for runners and spectators, as well as for the team managing all that data.</p> <p>One important piece of wireless technology at the race is the RFID tags, which provide accurate timekeeping and real-time tracking of the 30,000 participants. This tech first entered the race in 1996, when RFID tags were attached to runners' shoelaces, marking the first major U.S. marathon to use them. In 2011, the BAA moved the tags' location to the runners' bibs.</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/kevin_meany.jpg " alt="Kevin Meany">Kevin Meany </div> <p>"Today, people have a much better idea of where their runners are on the course, which I think we take for granted a little bit now. Back in the day ... when they had problems on the course, and the communications weren't there at the time, it was nerve-racking for people," Meany said.</p> <p>As runners cross strategically placed timing mats along the race route, the mats read their RFID tags to record the unique runner ID and time. All this data gets sent to the race command center swiftly to deliver a real-time experience for spectators.</p> <p>In years past, server processing was done locally, and Tusker had to bring racks of gear to the command center. All the data was fed directly to the network team in the race command center through hard lines or other means. Meany joked: "You couldn't hear yourself in that room for years -- the time [keepers] used to complain about it." Now he has a few mini servers in the room that provide some networking services, while cloud infrastructure supports part of the operation.</p> <p>"A lot of this data is all in the cloud now," Meany said, praising the freedom and flexibility that networking technology now provides. "We went from having it all on-site to then having dedicated lines to a data center that was located outside the city. [Now] we are leveraging different cloud technologies."</p> </section> <section class="section main-article-chapter" data-menu-title="Downtime prevention with monitoring and redundancy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Downtime prevention with monitoring and redundancy</h2> <p>The marathon demands high connectivity. Millions of transactions must run through the network, according to Barry, the BAA's technology consultant. Data is transmitted across the whole course. Coordinating all those connectivity points, whether hard line, fiber or wireless, is no easy task.</p> <p>In addition to high connectivity, high redundancy and high resiliency are also key -- the whole world is watching. Even though it is a temporary network, the Boston Marathon's setup must be as dependable as any enterprise network. Network monitoring tools help keep everything moving at a smooth pace. These tools can alert the network team if there is an equipment failure or <a href="https://www.techtarget.com/searchnetworking/tip/How-to-ensure-network-performance-and-reliability" target="_blank" rel="noopener">if performance is lagging</a> and it requires attention.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> You don't really have a second chance. And downtime isn't an option. </figure> <figcaption> <strong>Kevin Meany</strong>CTO of networking technology and solutions at Tusker </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Much like a critical manufacturing plant or a financial trading floor, the Boston Marathon relies on multiple fiber bandwidth providers, using the most diverse paths possible, within physical limitations. To ensure backup paths and failovers, the team uses a mix of Layer 3 and Layer 2 networking technologies, Meany said.</p> <p>Specifically, the marathon uses two separate providers for connectivity. One is dedicated to the operations center, and the other is dedicated to the finish line area. If needed, they switch providers to ensure connectivity.</p> <p>"You don't really have a second chance. And downtime isn't an option," Meany said.</p> </section> <section class="section main-article-chapter" data-menu-title="Networking out in the open"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Networking out in the open</h2> <p>Many things can go wrong during a race, and planning is key. Some fixes are as simple as running timing mats off battery-powered mobile carrier routers if there is a power or wire issue. Others are more involved, specifically around the finish line, where demand for connectivity is greatest, according to Barry. After the bombing in 2013, organizers developed a plan for a backup finish line, which demands the same level of connectivity as the original. Thankfully, they haven't had to put it into action.</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/matt_barry.jpeg" alt="Matt Barry CIO practice lead at BostonCIO and technology consultant for the Boston Athletic Association">Matt Barry </div> <p>The networking infrastructure in Boston is partly invisible, with RFID tags hidden behind bibs and devices shielded by signage. But it can also be very visible, with cables across the tops of light poles or down the sides of buildings, installed with boom lifts and snorkel trucks. And the marathon puts a lot of strain on these devices, some of which are reused every year and subjected to harsh conditions. It's different from a normal data center, which is housed in a facility with advanced cooling systems.</p> <p>"Pretty is not always the best thing in the world," said Barry. "You just need to make sure that it works." </p> <p><i>Kathleen Casey is the site editor for SearchCloudComputing. She plans and oversees the site, and covers various cloud subjects including infrastructure management, development and security.</i></p> </section> The Boston Marathon requires a high-connectivity, high-redundancy and high-resiliency network. Learn more about the network that keeps the marathon connected. https://cdn.ttgtmedia.com/visuals/German/article/race-runners-fotolia.jpg https://www.techtarget.com/searchnetworking/feature/How-the-network-keeps-pace-with-the-Boston-Marathon Fri, 17 Apr 2026 16:15:00 GMT How the network keeps pace with the Boston Marathon <p>Data is one of an organization's most valuable assets. But without a comprehensive data strategy as a foundation, it often becomes fragmented, inconsistent and difficult to access or trust for business decision-making.</p> <p>An effective enterprise data strategy establishes a structured approach to managing, governing and using data in alignment with business objectives. That enables companies to <a href="https://www.techtarget.com/searchdatamanagement/opinion/Turning-data-into-a-strategic-advantage">unlock greater value from their data assets</a> through improved decision-making, optimized business processes and increased operational efficiency. It also helps them boost innovation and gain a sustainable competitive advantage over less data-driven rivals.</p> <p>The data strategy shouldn't focus on implementing new technologies. That comes later, driven by the strategy. Instead, it should set the direction for data management processes, address common data-related challenges and build the capabilities needed to <a href="https://www.techtarget.com/searchdatamanagement/opinion/Data-management-and-governance-key-to-successful-AI-use">support planned data use</a> across the enterprise.</p> <p>Follow these 12 steps to develop a data strategy that accomplishes those things and positions your organization to realize long-term business benefits.</p> <section class="section main-article-chapter" data-menu-title="1. Define clear business objectives for data initiatives"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Define clear business objectives for data initiatives</h2> <p>A successful enterprise data strategy is grounded in close alignment between data initiatives and business goals. Data management and analytics efforts should directly support priorities such as enabling better-informed decision-making, enhancing customer experience, improving business operations, <a href="https://www.techtarget.com/searchdatamanagement/feature/Modern-data-architectures-as-a-risk-management-strategy">reducing risks</a> and fostering innovation.</p> <p>To achieve this alignment, work closely with senior executives and business managers to identify critical objectives that depend on effective data use. Engaging with key stakeholders at the outset ensures the data strategy addresses real business needs and guides appropriate technology choices to help meet them. Data initiatives tied to measurable business outcomes are more likely to gain executive support and sustained investment in the resources required for long-term success.</p> </section> <section class="section main-article-chapter" data-menu-title="2. Assess the existing data landscape in your organization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Assess the existing data landscape in your organization</h2> <p>Next, get a complete understanding of the organization's current data environment. A comprehensive assessment documents existing technologies, capabilities, challenges and opportunities for improvement. The data management team should conduct it with clear visibility across data domains and business processes enterprise-wide.</p> <p>As part of the assessment, review source systems, data platforms, integration processes, governance structures and analytics applications, as well as how data flows between IT systems in different departments or business units. This uncovers issues such as data silos, inconsistent data definitions, limited metadata visibility and restricted access to relevant data. Identifying these gaps enables data leaders to prioritize initiatives and create a realistic roadmap for implementing the data strategy.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Specify the desired state for data management and analytics"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Specify the desired state for data management and analytics</h2> <p>Once the current-state assessment is complete and the results have been evaluated, articulate what works well and where changes are needed in data management and analytics processes. Defining the desired state clarifies what the organization can achieve through those changes. This vision should be based on the previously identified business imperatives for each data domain and function.</p> <p>As part of this step, set data quality expectations and outline plans to harmonize core data management processes, such as data integration, metadata management and master data management. Doing so ensures consistency across systems and reliable access to <a href="https://www.techtarget.com/searchdatamanagement/opinion/Trusted-data-is-the-foundation-of-data-driven-decisions-GenAI">relevant and trustworthy data</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Identify and prioritize critical data domains"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Identify and prioritize critical data domains</h2> <p>The strategic value of data varies. While an enterprise data strategy by definition should address all data domains, focus initial implementation efforts on the domains and associated data sets that are most critical to business operations and decision-making.</p> <p>Identifying and prioritizing the highest‑value data domains enables data leaders to direct resources to areas where data management and analytics improvements will have the greatest business impact. In a retailer, for example, improving customer data quality enables more accurate analytics for targeted marketing and better customer service. Focusing on high‑value areas also helps demonstrate the data strategy's value and build momentum toward a more <a href="https://www.techtarget.com/searchdatamanagement/tip/Use-these-steps-to-successfully-build-your-data-culture">data‑centric culture</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="5. Create an implementation roadmap"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Create an implementation roadmap</h2> <p>After defining what your organization aims to achieve with data to support business priorities and what's required to do so, create an implementation roadmap that details how it will get there. A well-designed roadmap sequences data initiatives over time in a way that's achievable and measurable.</p> <p>That requires balancing ambition with realism to enable sustained, disciplined progress on the data strategy rather than a series of disconnected short-term projects -- or, worse, overpromising on planned deployments. The roadmap should also connect long-term goals, such as becoming more data-driven or AI-enabled, to concrete steps across data management and analytics processes.</p> </section> <section class="section main-article-chapter" data-menu-title="6. Develop data principles and strategic guardrails"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Develop data principles and strategic guardrails</h2> <p>Incorporate data principles and strategic guardrails into the data strategy so they actively shape decisions on data management and use, rather than being abstract guidelines. Foundational principles -- such as treating data as an enterprise asset, ensuring it's accurate and accessible, and establishing a single source of truth through transparent data management practices -- should directly inform the data operating model and architecture. This drives data consistency, reuse and trust across the organization.</p> <p>Strategic guardrails are operational constraints and requirements in areas such as privacy, security, <a href="https://www.techtarget.com/searchbusinessanalytics/feature/Why-ethical-use-of-data-is-so-important-to-enterprises">ethical data use</a>, data quality and data platform design. Embed them in the data strategy as part of data governance policies and the implementation roadmap. Aligning suitable guardrails with the execution of data initiatives provides clear direction on appropriate data use, reduces data-related risks and enables BI, data science and business teams to innovate confidently within well-defined boundaries.</p> </section> <section class="section main-article-chapter" data-menu-title="7. Build a data governance framework and assign data ownership"> <h2 class="section-title"><i class="icon" data-icon="1"></i>7. Build a data governance framework and assign data ownership</h2> <p>A strong data governance program is a <a href="https://www.techtarget.com/searchdatamanagement/tip/6-key-components-of-a-successful-data-strategy">critical component of a data strategy</a>. Effective data governance ensures that data remains consistent and reliable and that it's managed and used properly. Without it, various problems can arise. For example, different departments might create conflicting data definitions or data quality might deteriorate, compromising business decisions due to incomplete or inaccurate information.</p> <p>Include <a href="https://www.techtarget.com/searchdatamanagement/tip/5-benefits-of-building-a-strong-data-governance-strategy">implementing the data governance framework</a> as a foundational item in the data strategy's roadmap. The strategy should also detail expectations for managing data throughout its lifecycle and the role of data governance in supporting business objectives. Additionally, work with business stakeholders to assign ownership of data assets to appropriate individuals or teams and task them with ensuring the data they oversee is managed and used in accordance with governance policies.</p> </section> <section class="section main-article-chapter" data-menu-title="8. Design an enterprise data architecture"> <h2 class="section-title"><i class="icon" data-icon="1"></i>8. Design an enterprise data architecture</h2> <p>A <a href="https://www.techtarget.com/searchdatamanagement/definition/What-is-data-architecture-A-data-management-blueprint">data architecture</a> provides the technical foundation for managing and delivering data. It defines and visualizes how data is processed, integrated, stored and accessed across systems. However, in many organizations, the existing data architecture has been developed over time, often in a piecemeal fashion without an enterprise-wide focus. As a result, redundancies and gaps in the architecture create challenges with data access and use.</p> <p>To address these issues, design an enterprise data architecture as part of the data strategy. In addition to a high-level architectural blueprint, it should include artifacts such as data models, data flow diagrams and documents that map data use to business processes. A well-designed data architecture guides data management processes, helps teams identify data challenges and supports both operational reporting and advanced analytics.</p> </section> <section class="section main-article-chapter" data-menu-title="9. Implement security, privacy and regulatory compliance controls"> <h2 class="section-title"><i class="icon" data-icon="1"></i>9. Implement security, privacy and regulatory compliance controls</h2> <p>Protecting the ever-increasing volumes of data that organizations collect and use is critical to avoiding business problems. In addition to strategic guardrails that set high-level boundaries on data management and use, a data strategy must include specific controls to <a href="https://www.techtarget.com/searchdatamanagement/feature/Top-3-data-privacy-challenges-and-how-to-address-them">mitigate data security and privacy risks</a>. For example, ensure that only authorized users can access sensitive data and that potential security threats can be detected and addressed quickly through predefined incident response plans.</p> <p>Regulatory compliance is also a broader issue now due to the <a href="https://www.techtarget.com/searchdatamanagement/tip/Data-governance-regulations-that-executives-should-know">growing number of data protection laws</a> that require responsible management of personal information and transparency about how data is used. Integrate compliance mechanisms into the data strategy to help reduce legal risks and maintain trust with customers and business partners.</p> </section> <section class="section main-article-chapter" data-menu-title="10. Enable data accessibility and increased data literacy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>10. Enable data accessibility and increased data literacy</h2> <p>Making trusted data accessible to the people who need it is a core objective of an enterprise data strategy. Data access is no longer restricted to technical specialists. A modern data strategy supports controlled, governed access for business users and data analysts through user-friendly dashboards, self-service analytics tools and <a href="https://www.techtarget.com/searchdatamanagement/answer/What-steps-are-key-to-building-a-data-catalog">centralized data catalogs</a>.</p> <p>However, data accessibility alone isn't enough. Increased data literacy is also required across the organization to maximize the business value derived from data assets. As part of the data strategy, <a href="https://www.techtarget.com/searchbusinessanalytics/tip/Develop-a-data-literacy-program-to-fit-your-company-needs">develop a data literacy program</a> that sets expectations for workers and includes training to help them become more data-literate.</p> </section> <section class="section main-article-chapter" data-menu-title="11. Build in support for BI, advanced analytics and AI applications"> <h2 class="section-title"><i class="icon" data-icon="1"></i>11. Build in support for BI, advanced analytics and AI applications</h2> <p>In the past, data strategies often focused primarily on delivering data for use in BI and reporting applications. But now they must also focus on the data needed for expanding deployments of advanced analytics and AI applications in companies.</p> <p>Build support for techniques and tools such as predictive analytics, machine learning and both generative AI and agentic AI into the enterprise data strategy. Used effectively, they help organizations identify patterns in large data sets, forecast trends, explore data more efficiently and optimize or automate business processes. However, they <a href="https://www.techtarget.com/searchdatamanagement/opinion/The-future-of-AI-depends-on-better-data-not-bigger-models">depend on the strong data foundation</a> that a data strategy provides.</p> </section> <section class="section main-article-chapter" data-menu-title="12. Define metrics to track and evolve the data strategy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>12. Define metrics to track and evolve the data strategy</h2> <p>A data strategy should evolve over time as business priorities, data sets, technologies and regulations change -- and as problems are identified. To guide this evolution, define <a href="https://www.techtarget.com/searchdatamanagement/feature/Data-governance-metrics-Data-quality-data-literacy-and-more">KPIs and other metrics</a> to track the effectiveness of data initiatives. Include ones on things such as data quality, governance activities and data availability, security and use.</p> <p>Monitoring them enables data and business leaders to evaluate progress on initiatives and identify areas for improvement. Regular reviews and continuous refinement of the data strategy ensure that it remains aligned with the organization's needs and continues to deliver business value. Spell out the need for that upfront, when setting expectations for the strategy, so it isn't a surprise to anyone.</p> <p><em>Anne Marie Smith, Ph.D., is an information management professional and consultant with broad experience across industries. She has also designed and delivered numerous data management courses and educational programs.</em></p> </section> Here are 12 to-do items for data leaders developing a data strategy to help their organization use data more effectively for analytics and business decision-making. https://cdn.ttgtmedia.com/visuals/search400/iseries_database_manage/search400_article_014.jpg https://www.techtarget.com/searchdatamanagement/tip/Developing-an-enterprise-data-strategy-10-steps-to-take Fri, 17 Apr 2026 15:50:00 GMT How to develop an enterprise data strategy: 12 key steps <p>The US <a href="https://www.nist.gov/" target="_blank" rel="noopener">National Institute for Standards and Technology</a> (NIST) is in the process of shaking up the way in which it handles common vulnerabilities and exposures (CVEs) listed in the <a href="https://nvd.nist.gov/" target="_blank" rel="noopener">National Vulnerability Database</a> (NVD) in the face of a rapidly-changing threat environment.</p> <p>Previously, the NVD programme aimed to analyse all <a href="https://www.techtarget.com/searchsecurity/definition/Common-Vulnerabilities-and-Exposures-CVE" target="_blank" rel="noopener">CVEs</a> received to add details – like severity scores and affected product lists – to help cyber teams prioritise and mitigate relevant vulnerabilities. It terms this process ‘enrichment’.</p> <p>However, going forward, it will enrich only those CVEs that meet a predefined set of criteria – those flaws that don’t mean this bar will still be listed but will be marked as lower priority issues.</p> <p>“This change is driven by <a href="https://www.computerweekly.com/news/366638949/CVE-volumes-may-plausibly-reach-100000-this-year" target="_blank" rel="noopener">a surge in CVE submissions</a>, which increased 263% between 2020 and 2025. We don’t expect this trend to let up anytime soon. Submissions during the first three months of 2026 are nearly one-third higher than the same period last year,” NIST said in a statement.</p> <p>“We are working faster than ever. We enriched nearly 42,000 CVEs in 2025 – 45% more than any prior year. But this increased productivity is not enough to keep up with growing submissions. Therefore, we are instituting a new approach.”</p> <p>The authority hopes that these changes will enable it to stabilise its programme and buy some time to help it develop new automated systems and workflow enhancements.</p> <section class="section main-article-chapter" data-menu-title="Priorities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Priorities</h2> <p><a href="https://nvd.nist.gov/general/cve-process" target="_blank" rel="noopener">The new criteria</a> went into effect on Wednesday 15 April, with the following CVEs prioritised:</p> <ul class="default-list"> <li>Those that the US government’s Cybersecurity and Infrastructure Security Agency (Cisa) has added to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" target="_blank" rel="noopener">Known Exploited Vulnerabilities</a> (Kev) catalogue;</li> <li>Those appearing in software used within the US government;</li> <li>Those for critical software <a href="https://www.nist.gov/system/files/documents/2026/04/15/EO%2014028%20Critical%20FINAL.pdf" target="_blank" rel="noopener">as defined by president Biden’s Executive Order 14028</a>, issued in October 2021.</li> </ul> <p>“This will allow us to focus on CVEs with the greatest potential for widespread impact. While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritised categories,” said NIST.</p> <p>The organisation acknowledged that the new criteria may not catch every potentially high-impact flaw, so users will be able to request reviews of lower priority CVEs for enrichment.</p> <p>At the same time, NIST will no longer routinely provide a separate severity score for CVEs that have already been assigned one by the CVE Numbering Authority – firms such as Microsoft, etc – that submitted it. It said this was an effort to reduce duplication of effort and better focus its resources, although users are also able to request reviews of specific CVEs if wanted.</p> <p>NIST is also changing how it goes about reanalysing enriched CVEs that have been modified after enrichment. Previously it had reanalysed all modified flaws but it will now only do so if it becomes aware of a modification that materially impacts its enrichment data. Again, a user-requested review system will be put in place.</p> </section> <section class="section main-article-chapter" data-menu-title="The backlog"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The backlog</h2> <p>In relation to a significant backlog of unenriched CVEs that started to develop two years ago, NIST stated that it has not been able to clear this down and so all backlogged CVEs with an NVD publish date before 1 March 2026 will be moved into the ‘Not Scheduled’ category. CVEs falling into this bucket will be considered for enrichment provided they meet the new prioritisation criteria.</p> <p>Finally, NIST is updating CVE status labels and descriptions, and making changes to the NVD Dashboard to accurately report these.</p> <p>The organisation said it recognised it was making big changes that will affect everyday users, however, it reiterated, adopting a risk-based approach is necessary to manage the surge in submissions and buy it time to build new systems that will ensure the sustainability of its offering going forward.</p> <p>Danis Calderone, principal and chief technology officer at <a href="https://suzulabs.com/" target="_blank" rel="noopener">Suzu Labs</a>, said NIST had probably taken the right decision.</p> <p>“An overhaul was certainly needed and probably inevitable given the volume of new CVE submissions, and we suspect that AI-assisted discovery is probably already pushing that number higher. After all, Microsoft just had its second-largest Patch Tuesday ever, and even ZDI says their incoming submissions have tripled thanks to AI tools,” said Calderone.</p> <p>“We are excited to see NIST making Kev the top priority tier. That is the right call and something we’ve been doing with our clients for some time now, so we’re very happy to see that becoming the official model.”</p> <p>However, Calderone criticised some perceived gaps in NIST’s new methodology, specifically the ending of CVE scoring when the submitting authority has already scored it.</p> <p>“That sounds efficient until you remember that the submitting authority is often the vendor, and vendors don't always get their own bugs right,” he said. “We just went through this with F5. A recent BIG-IP vulnerability was scored 8.7 HIGH as a denial-of-service issue for five months before it got reclassified as a 9.8 RCE. For organisations using CVSS to drive patching priority, that miscategorisation meant the real risk sat in the wrong queue for five months while attackers were already exploiting it.”</p> <p>“The other thing missing here is that NIST addressed the processing volume problem but didn't touch the scoring methodology. CVSS still scores vulnerabilities in isolation. It doesn't model chainability, where an attacker combines a medium-severity information disclosure with a medium-severity privilege escalation and ends up with critical impact. Neither bug scores as urgent on its own, but together they give you full system compromise.”</p> <p>Calderone said that for security leaders who have relied on NVD as their go-to for vulnerability context, the time was nigh to build their own prioritisation stack. This could incorporate data from Cisa’s Kev catalogue, <a href="https://www.first.org/epss/" target="_blank" rel="noopener">Exploit Prediction Scoring System</a> (EPSS) information, and their organisation’s own environmental context.</p> <p>“The days of waiting for NIST to tell you what matters are over,” he remarked.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about patching and vulnerability mitigation</h3> <ul class="default-list"> <li>Artificial intelligence supplier Anthropic promises UK banks the opportunity to review its Mythos AI model, which has already revealed <a href="https://www.computerweekly.com/news/366641763/Bank-cyber-teams-on-red-alert-as-Anthropic-promises-them-Mythos-next-week" target="_blank" rel="noopener">thousands of security flaws</a>.</li> <li>Microsoft’s latest Patch Tuesday update may be one of the largest in history, <a href="https://www.computerweekly.com/news/366641679/April-Patch-Tuesday-brings-zero-days-in-Defender-SharePoint-Server" target="_blank" rel="noopener">with more than 160 issues in scope</a>.</li> <li>These 12 tools approach patching from different perspectives. Understanding their various approaches <a href="https://www.techtarget.com/searchenterprisedesktop/tip/12-best-patch-management-software-and-tools" target="_blank" rel="noopener">can help you find the right product for your needs</a>.</li> </ul> </div> </div> </section> NIST announces big changes to the way it categorises and manages CVEs, set to have a big impact on how organisations manage patching and remediation. https://cdn.ttgtmedia.com/visuals/German/article/priorities-brainstorming-anaylse-plan-adobe.jpg https://www.computerweekly.com/news/366641916/Surging-CVE-disclosures-force-NIST-to-shake-up-workflows Fri, 17 Apr 2026 15:19:00 GMT Surging CVE disclosures force NIST to shake up workflows <p>With its dominant position in enterprise IT, Microsoft and its many products understandably provide an inviting target for threat actors. News this week showed just how enticing that target remains.</p> <p>Vulnerabilities in Microsoft products took center stage. Security flaws disclosed were of the classic variety -- enabling privilege escalation -- as well as the more modern – AI prompt injection. The 165 flaws included in Microsoft's April Patch report were reportedly the most since 175 vulnerabilities filled the October 2025 report.</p> <p>Patches were for browsers, security key protocols, malware defenses and other technologies, but SharePoint featured prominently. One of Microsoft's most enduring products, SharePoint turned 25 this year. The <a href="https://www.techtarget.com/searchcontentmanagement/feature/An-overview-of-Microsoft-SharePoint">enterprise content management and collaboration tool</a> is widely used, and consequently is <a href="https://www.techtarget.com/searchcontentmanagement/news/366627759/Microsoft-SharePoint-attacks-target-on-premises-servers">targeted by threat actors</a>.</p> <p>Weeks like this come along to remind security teams that <a href="https://www.techtarget.com/searchenterprisedesktop/definition/patch-management">patch management</a> is an ever-present and never-finished duty.</p> <section class="section main-article-chapter" data-menu-title="Zero days among the many vulnerabilities Microsoft discloses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Zero days among the many vulnerabilities Microsoft discloses</h2> <p>Microsoft this week released patches for 165 vulnerabilities, two of which were zero-day flaws. One actively exploited zero day, CVE-2026-33825, affects Microsoft Defender and could grant attackers system-level privileges. Elevation-of-privilege bugs dominated the update, comprising 57% of the patches, followed by remote code execution (RCE) and information disclosure flaws.</p> <p>Eight vulnerabilities were deemed critical, including CVE-2026-33824, an RCE flaw in Windows Internet Key Exchange Service Extensions. Additionally, nearly 80 Edge and Chromium patches were included, emphasizing the importance of swift browser updates.</p> <p><a target="_blank" href="https://www.darkreading.com/vulnerabilities-threats/privilege-elevation-dominates-microsoft-patch-update" rel="noopener"><i>Read the full story by Jai Vijayan on Dark Reading</i></a><i>.</i></p> </section> <section class="section main-article-chapter" data-menu-title="Spoofing flaw found in SharePoint"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Spoofing flaw found in SharePoint</h2> <p>Researchers have identified active exploitation of <a target="_blank" href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201" rel="noopener">CVE-2026-32201</a>, a medium-severity spoofing vulnerability in SharePoint caused by improper input validation. With a CVSS score of 6.5, the flaw enables unauthorized attackers to view and modify sensitive information.</p> <p>Defused, a threat intelligence firm, reported coordinated reconnaissance campaigns targeting SharePoint across four IPs between April 1 and April 11. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft issued mitigation guidance that also addressed a separate cross-site scripting vulnerability, CVE-2026-20945, which remains unexploited.</p> <p>This disclosure follows the recent addition of CVE-2026-20963, a critical deserialization vulnerability with a severity score of 9.8, to the KEV catalog. The findings echo the <a href="https://www.techtarget.com/searchsecurity/news/366628194/News-brief-SharePoint-attacks-hammer-globe">ToolShell exploitation campaign in 2025</a>, which targeted SharePoint vulnerabilities, including remote code injection and network spoofing flaws, affecting hundreds of customers.</p> <p><a target="_blank" href="https://www.cybersecuritydive.com/news/medium-severity-flaw-microsoft-sharepoint-exploitation/817559/" rel="noopener"><i>Read the full article by David Jones on Cybersecurity Dive</i></a><i>.</i></p> </section> <section class="section main-article-chapter" data-menu-title="Hackers hit SharePoint via prompt injection"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Hackers hit SharePoint via prompt injection</h2> <p>Research from AI security vendor Capsule Security highlighted the persistent threat of prompt-injection attacks in AI systems, focusing on vulnerabilities in Salesforce Agentforce and Microsoft Copilot.</p> <p>The Salesforce flaw, dubbed PipeLeak, enabled attackers to embed malicious instructions into public CRM forms, leading to unauthorized data exfiltration. Similarly, the Microsoft Copilot vulnerability, named ShareLeak and tracked as CVE-2026-21520, exploited SharePoint form inputs to extract sensitive customer data.</p> <p>Both attacks underscore architectural flaws in handling untrusted inputs, with Capsule recommending stricter input sanitation and manual oversight. Salesforce addressed the issue but emphasized human-in-the-loop configurations, a response criticized for undermining AI autonomy. Capsule warned that the so-called "lethal trifecta" -- AI agents with sensitive data access, external exposure to untrusted content and external communication -- poses significant risks.</p> <p><a target="_blank" href="https://www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flaws" rel="noopener"><i>Read the full article by Alexander Culafi on Dark Reading</i></a><i>.</i></p> <p><b>Editor's note: </b><i>An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.</i></p> <p><i>Phil Sweeney is an industry editor and writer focused on cybersecurity topics.</i></p> </section> Check out the latest security news from TechTarget SearchSecurity's sister sites, Cybersecurity Dive and Dark Reading. https://cdn.ttgtmedia.com/rms/onlineimages/security_g1192070289.jpg https://www.techtarget.com/searchsecurity/news/366641824/News-brief-Microsoft-security-vulnerabilities-revealed Fri, 17 Apr 2026 15:06:00 GMT News brief: Microsoft security vulnerabilities revealed <div class="extra-info"> <div class="extra-info-inner"> <h2>Executive Summary</h2> <ul class="default-list"> <li>The build-or-buy decision is strategic, not technical. CIOs must evaluate whether custom AI preserves competitive advantage.</li> <li>Most successful deployments use hybrid approaches. Organizations combine vendor platforms for standard functions</li> <li>Governance and vendor risk management are critical. Security frameworks must be embedded from day one. Ethical AI policies cannot be retrofitted.</li> </ul> </div> </div> <p>CIOs are under <a href="https://www.techtarget.com/searchcio/feature/CIOs-are-feeling-the-pressure-of-the-AI-leadership-gap">growing pressure to move on AI quickly</a> and effectively.<br><br><a href="https://www.deloitte.com/us/en/insights/topics/technology-management/ai-infrastructure-survey.html" target="_blank" rel="noopener">Deloitte's inaugural AI Infrastructure Survey</a> found that organizational business challenges (48%), regulatory pressures (48%) and talent gaps (40%) are the top obstacles slowing enterprise AI plans. The gap between AI ambition and execution is wide, and the decision at its center is whether to build custom AI programs in-house or purchase existing vendor platforms.</p> <p>The choice shapes how AI talent is deployed, who controls core business logic and whether the organization can sustain what it deploys. A wrong build decision ties up AI talent on infrastructure work that vendors already offer at scale. A wrong decision hands control of core business logic to a vendor's roadmap, locking the organization into someone else's priorities. <br><br>"AI transformation rarely fails from a lack of ambition," Vamsi Duvvuri, EY Americas technology, media and telecommunications AI leader, said. "It fails from a lack of architecture and alignment across workflows, people and systems."</p> <section class="section main-article-chapter" data-menu-title="Understanding the build option"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding the build option</h2> <p>Not every AI capability needs to be purchased from a vendor. For some organizations, building in-house is the right path for competitive differentiation.</p> <h3>When building makes sense</h3> <p>The strongest case for custom AI development is when existing solutions cannot meet specific business requirements. Off-the-shelf AI products generalize by design. They must work across many companies, which means they sacrifice specialization, workflow nuance or proprietary data logic that creates a competitive advantage. <br><br>"CIOs should ask: are we buying intelligence, or are we buying standardization where our business actually needs specialization?" said Oscar Marin, managing director at EY Technology Consulting.</p> <p>Organizations with <a href="https://www.techtarget.com/searchcio/feature/The-AI-talent-wars-explained-What-CIOs-need-to-know">in-house AI talent</a> and technical expertise also gain long-term strategic control. Duvvuri calls these capabilities industry native. Owning those data and intelligence layers rather than renting them preserves differentiation that competitors using the same packaged programs cannot replicate.</p> <h3>Challenges and considerations</h3> <p>Development time and upfront costs run higher than most organizations project. Ongoing maintenance, model updates, talent acquisition and retention compound the investment beyond the initial build. What organizations consistently underestimate is the people. <br><br>"Talent, business readiness and data are the biggest factors that define success and are mostly underestimated," said Darshan Naik, chief growth officer for technology at Capgemini Americas.</p> </section> <section class="section main-article-chapter" data-menu-title="Understanding the buy option"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding the buy option</h2> <p>Purchasing an existing AI platform is the right call for a significant portion of enterprise use cases, and the wrong call for others.</p> <h3>When buying makes sense</h3> <p>Buying AI services makes the most sense when speed and proven capability are the main requirements for a project. For organizations with limited in-house AI expertise or resources, buying provides access to model performance that few enterprises can recreate internally. For standard use cases, the vendor market offers options that can be deployed quickly, so teams can focus on core business rather than technology development. <br><br>"If success depends on access to the best frontier model performance, that usually points toward buy," Marin said.</p> <h3>Challenges and considerations</h3> <p>The risks of buying AI programs include dependency, customization limits and data control. A <a href="https://zapier.com/blog/ai-vendor-lock-in-survey/" target="_blank" rel="noopener">Zapier survey</a> found that nearly three out of four survey respondents said losing their primary AI source would negatively affect day-to-day operations, and only 6% said they could walk away without disruption. Vendor programs are designed to be more general-purpose, which can force organizations into a more generic operating model. Ongoing licensing and subscription costs will also grow at scale. Data security and compliance concerns add further risk. <br><br>"Critical signals and workflows become trapped inside proprietary platforms, limiting data reuse across use cases and narrowing future architecture choices," Duvvuri said.</p> </section> <section class="section main-article-chapter" data-menu-title="CIO's decision matrix"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CIO's decision matrix</h2> <p>Most failed build-or-buy decisions start the same way. <br><br>"One of the most common mistakes is treating build-versus-buy as a purely technology decision," Naik said.</p> <p>Consider the following criteria:</p> <ul class="default-list"> <li><b>Strategic alignment.</b> If the capability shapes how the company competes, buying it gives every competitor that has access to the same platform an edge. "If it is industry-native and differentiation-critical, default to building the data and intelligence layers and then buying and activating the commoditized layers for speed," Duvvuri said.</li> <li><b>Technical complexity.</b> The more AI needs to embed into proprietary workflows, domain-specific data or unique decision logic, the less a packaged program can deliver. "If success depends on how AI is embedded into a specific workflow, operating model or data context, that points much more toward build," Marin said.</li> <li><b>Resource availability.</b> Organizational maturity, talent and data readiness are the most reliable predictors of success, according to Naik. Without them, the build path fails before it delivers value.</li> <li><b>Time-to-market.</b> Buying almost always wins when speed is the determining factor. Jim Rowan, principal and U.S. head of AI at Deloitte Consulting LLP, noted that 75% of organizations still fail to move from proof of concept to enterprise scale, regardless of the path, citing Deloitte's AI Infrastructure Survey.</li> <li><b>Total cost of ownership.</b> Evaluating one use case at a time obscures economics. "Deciding one use case at a time hides the portfolio-level reuse economics where the biggest cost and speed advantages usually live," Duvvuri said.</li> <li><b>Scalability and flexibility.</b> Tools that work for a team or a pilot often become cost-inefficient, especially when governance overhead scales nonlinearly.</li> <li><b>Risk tolerance.</b> Governance frameworks embedded from day one deliver better compliance and adoption outcomes than those added after deployment, according to Rowan.</li> </ul> <p>Score each of the following criteria against your organization's current reality. Four or more signals in one column are a strong indicator. No single criterion is disqualifying on its own.</p> <table class="main-article-table"> <thead> <tr style="height: .25in;"> <td style="width: 76.4531px; height: 50px;"> <p><span style="color: #ffffff;"><b>Criteria</b></span></p> </td> <td style="width: 125.109px; height: 50px;"> <p><span style="color: #ffffff;"><b>Key question</b></span></p> </td> <td style="width: 135.703px; height: 50px;"> <p><span style="color: #ffffff;"><b>Build</b></span></p> </td> <td style="width: 134.906px; height: 50px;"> <p><span style="color: #ffffff;"><b>Buy</b></span></p> </td> <td style="width: 145.828px; height: 50px;"> <p><span style="color: #ffffff;"><b>Hybrid</b></span></p> </td> </tr> </thead> <tbody> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 86px;"> <p><b>Strategic alignment</b></p> </td> <td style="width: 125.109px; height: 86px;"> <p>Does this capability shape how we compete?</p> </td> <td style="width: 135.703px; height: 86px;"> <p>Yes: core to differentiation</p> </td> <td style="width: 134.906px; height: 86px;"> <p>No: supports operations only</p> </td> <td style="width: 145.828px; height: 86px;"> <p>Differentiating logic built; commodity layers bought</p> </td> </tr> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 86px;"> <p><b>Technical complexity</b></p> </td> <td style="width: 125.109px; height: 86px;"> <p>How specialized are the requirements?</p> </td> <td style="width: 135.703px; height: 86px;"> <p>Highly specialized; proprietary data or workflow</p> </td> <td style="width: 134.906px; height: 86px;"> <p>Standard use case; proven vendor solutions exist</p> </td> <td style="width: 145.828px; height: 86px;"> <p>Custom layer on vendor base model</p> </td> </tr> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 68px;"> <p><b>Resource availability</b></p> </td> <td style="width: 125.109px; height: 68px;"> <p>Do we have talent and data readiness?</p> </td> <td style="width: 135.703px; height: 68px;"> <p>Yes: in-house expertise available</p> </td> <td style="width: 134.906px; height: 68px;"> <p>No: limited AI capability internally</p> </td> <td style="width: 145.828px; height: 68px;"> <p>Gaps filled by partner or MSP</p> </td> </tr> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 86px;"> <p><b>Time-to-market</b></p> </td> <td style="width: 125.109px; height: 86px;"> <p>How urgent is deployment?</p> </td> <td style="width: 135.703px; height: 86px;"> <p>Timeline allows for development</p> </td> <td style="width: 134.906px; height: 86px;"> <p>Need it in weeks, not months</p> </td> <td style="width: 145.828px; height: 86px;"> <p>Buy now; build differentiation over time</p> </td> </tr> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 86px;"> <p><b>Total cost of ownership</b></p> </td> <td style="width: 125.109px; height: 86px;"> <p>What are the long-term economics?</p> </td> <td style="width: 135.703px; height: 86px;"> <p>High reuse potential across portfolio</p> </td> <td style="width: 134.906px; height: 86px;"> <p>Build cost and risk outweigh licensing</p> </td> <td style="width: 145.828px; height: 86px;"> <p>Shared platform for commoditized layers</p> </td> </tr> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 86px;"> <p><b>Scalability and flexibility</b></p> </td> <td style="width: 125.109px; height: 86px;"> <p>Can we sustain this at scale?</p> </td> <td style="width: 135.703px; height: 86px;"> <p>Own the architecture; scale on our terms</p> </td> <td style="width: 134.906px; height: 86px;"> <p>Vendor scale is sufficient</p> </td> <td style="width: 145.828px; height: 86px;"> <p>Orchestration layer prevents lock-in</p> </td> </tr> <tr style="height: 36.9pt;"> <td style="width: 76.4531px; height: 86px;"> <p><b>Risk tolerance</b></p> </td> <td style="width: 125.109px; height: 86px;"> <p>Are governance frameworks in place?</p> </td> <td style="width: 135.703px; height: 86px;"> <p>Yes: security and ethics built in from day one</p> </td> <td style="width: 134.906px; height: 86px;"> <p>Vendor compliance meets requirements</p> </td> <td style="width: 145.828px; height: 86px;"> <p>Portability terms negotiated upfront</p> </td> </tr> </tbody> </table> <p></p> </section> <section class="section main-article-chapter" data-menu-title="Hybrid approaches: The middle ground"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Hybrid approaches: The middle ground</h2> <p>Many production AI deployments combine build and buy rather than choosing one or the other. <br><br>"The real question is not simply whether to build or buy AI," Marin said. "It is which parts of the AI stack you should buy, and which parts you should build to preserve differentiation."</p> <p> Hybrid options include:</p> <ul class="default-list"> <li><b>Vendor platforms with custom integrations.</b> By using a vendor platform as the foundation and adding custom orchestration, organizations can accelerate development of standard components while maintaining competitive advantages that packaged programs cannot deliver.</li> <li><b>Open source deployment</b>. Open source AI models enable in-house customization without vendor dependency, giving organizations architectural control and the ability to fine-tune on proprietary data.</li> <li><b>Managed AI services</b>. Third-party providers deliver capability faster than internal hiring allows, bridging the gap while <a href="https://www.techtarget.com/searchhrsoftware/tip/How-organizations-can-reskill-and-upskill-employees-in-AI">internal teams build the skills</a> to take ownership.</li> <li><b>Consulting partnerships</b>. External specialists help organizations build infrastructure and governance frameworks required to eventually manage AI development independently.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Implementation considerations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Implementation considerations</h2> <p>Building internal AI capabilities requires the following three processes, which organizations consistently underestimate:</p> <ul class="default-list"> <li><a href="https://www.techtarget.com/searchcio/feature/AI-talent-strategy-How-Rayburn-Electric-builds-AI-ready-teams">Hiring AI talent</a> for sustainment, not just delivery.</li> <li>Establishing a disciplined development lifecycle.</li> <li>Creating governance frameworks before deployment.</li> </ul> <p>AI procurement strategy should be treated as an ongoing operational discipline, with defined ownership, exit criteria and periodic vendor reviews built in from the start.</p> <p>"Today, organizations can build AI-enabled capabilities much faster than before, especially when they use a disciplined lifecycle with strong architecture, testing, governance, and human oversight," Marin said.</p> <p>Two implementation steps are often treated as afterthoughts, whether the organization is building or buying.</p> <p><b>Governance cannot be retrofitted. </b>Creating ethical AI frameworks and security blueprints before deployment, not after, is a critical foundation. "Those that bolt on security later can undermine adoption and create vulnerabilities," Rowan said.</p> <p><b>Vendor selection requires the same rigor.</b> Evaluating vendor credibility means assessing stability, not just capability. Zapier's research found more than a third of enterprise leaders are concerned about a single point of failure in their AI vendor relationships, and 32% specifically worry about a vendor shutting down entirely. Forty-four percent of enterprises have responded by using multiple AI vendors simultaneously to spread that risk, and 42% maintain contingency plans for pricing changes or outages.</p> <p>Emily Mabie, a senior AI automation engineer at Zapier, said there are questions to answer when <a href="https://www.techtarget.com/searchcio/feature/What-CIOs-need-to-know-going-into-AI-vendor-negotiations">managing vendor relationships</a>. These questions include "Who actually owns the vendor relationship? If the service starts slipping, what's the exit plan?"</p> <p>She also suggests that contract and SLA negotiations should include explicit data portability terms and exit provisions. "What happens to my operations if this vendor goes out of business, raises its prices or gets acquired?" Mabie said.</p> </section> <section class="section main-article-chapter" data-menu-title="Case studies and real-world examples"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Case studies and real-world examples</h2> <p>EY's partnership with 8090, an AI-native software development company, demonstrates what the build approach looks like when delivery discipline is in place. Together they developed EY.ai PDLC, an AI-native product development lifecycle that combines architecture, governance, automated testing and human oversight. The result compresses what traditionally took months into days or weeks. <br><br>"That is the important signal from EY's work with 8090: the opportunity is not just faster coding, but a more structured AI-native lifecycle for building enterprise solutions," Marin said.</p> <p>The practitioners and analysts who advise on these decisions daily see consistent failure patterns on both sides. "Unsuccessful investments typically emerge as pilots in purgatory," Rowan said.</p> <p>The build failure pattern is recognizable across client engagements.</p> <p>"A common pattern is spreading effort too thin, touching many workflows without fully transforming any, rather than proving depth in a single end-to-end use case," Duvvuri said. "The organization underestimates sustainment: the ongoing engineering, AI/MLOps, and governance required as models, data and requirements change."</p> <p>Production deployments also often expose what pilots hide.</p> <p>"A failed build often looks like early excitement followed by problems scaling, governing, integrating and sustaining the solution in production," Marin said.</p> </section> <section class="section main-article-chapter" data-menu-title="Making the right choice for your organization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Making the right choice for your organization</h2> <p>The right decision depends on organizational maturity, competitive context, data readiness and risk tolerance. Locking into long-term commitments before the fundamentals are in place creates unnecessary risk.</p> <p>"Without embedding enterprise-specific context into AI tools, value realization tends to be slow, fragmented, and significantly more expensive than expected," Naik said.</p> <h3>Continuous evaluation is the discipline</h3> <p>AI technologies and vendor capabilities are evolving so quickly that today's build decision may have a strong alternative within a year. "Just as important is maintaining flexibility in the approach, as AI technologies and vendor capabilities continue to evolve rapidly," Naik said.</p> <h3>The decision is strategic, not technical</h3> <p>Balancing innovation with practical business outcomes requires treating build-or-buy as an ongoing architecture question, not a one-time procurement event.</p> <p>"The key is to avoid treating build-versus-buy solely as a technology decision," Rowan said.<br>"Rather, it should be seen as a strategic decision and an investment in organizational transformation that aligns people, processes, security and governance."</p> <p><i>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</i></p> <p> </p> </section> CIOs must decide whether to build custom AI or buy vendor platforms. The choice determines talent deployment, competitive advantage and long-term control over business logic. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a373894778.jpg https://www.techtarget.com/searchcio/feature/Build-vs-buy-AI-A-CIOs-decision-matrix Fri, 17 Apr 2026 14:47:00 GMT Build vs. buy AI: A CIO's decision matrix <p><a href="https://www.techtarget.com/searchenterpriseai/definition/agentic-AI"><i>Agentic AI</i></a><i> deployments in businesses so far have been reminiscent of the "rogue IT" days of SaaS, with employees accessing or demanding unauthorized apps, authorized tools just starting to roll out, and business and IT leaders scrambling to articulate a coherent strategy for the organization.</i></p> <p><i>True, sanctioned pilots are plentiful, but many organizations report frustration with scaling up these agentic AI applications, in part because the apps are designed to handle narrow tasks. Security, governance and data foundations are usually works in progress, and </i><a href="https://www.techtarget.com/searcherp/podcast/Plan-a-multi-agent-orchestration-framework-for-scalable-AI"><i>multi-agent orchestration</i></a><i> -- getting agents to collaborate on complex tasks and goals -- remains unsolved for in-house developers and software vendors.</i></p> <p><i>Deloitte, the Big Four accounting firm and IT consultancy, has been introducing advisory services and online tools designed to help clients draft and execute agentic AI roadmaps that produce tangible business results.</i></p> <p><i>In this Q&A, China Widener, Deloitte's vice chair and U.S. technology, media and telecommunications industry leader, explained how to escape "pilot purgatory" and plot a strategy for scalable agentic AI. She also shared advice on addressing </i><a href="https://www.techtarget.com/searchcio/feature/AI-job-losses-Transformation-expected-not-mass-layoffs"><i>AI job loss fears</i></a><i> by redesigning work in ways that benefit both individuals and their organizations.</i></p> <p><i>Widener is approaching her 20th anniversary at Deloitte in May. She previously held C-suite roles in Ohio state government and was an assistant county prosecutor.</i></p> <p><i>Editor's note: This interview was edited for clarity and brevity.</i></p> <p><b>If you could name one thing, what's preventing companies from going beyond pilots and getting enterprise-wide ROI from agentic AI?</b></p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/widener_china.jpg" alt="China Widener, Deloitte Vice Chair and U.S. Technology, Media & Telecommunications Industry Leader">China Widener </div> <p><b>China Widener:</b> It is more than one thing, without question, but central to all the things is this idea of clarity around the vision. There's now, there's next, and there's the future, and each one wrought value. The question is, what are you starting with?</p> <p>This is not a technology problem -- the tech works. The question is in what context and to what end, which is about the vision the organization has for itself.</p> <p>You can extract value in the form of cost containment or mitigation and create value through growth, new products, tools and services or a change of experiences. Where you start your journey is a function of understanding what your goals are. What you identify then becomes the set of questions.</p> <p>More than half of companies in our survey are early stage or don't have a strategy. That's a challenge because you don't have a roadmap for where you are going or a way to judge the progress you're making, let alone the steps to take.</p> <p><b>Deloitte's 2026 "State of AI in the Enterprise" survey </b><a target="_blank" href="https://www.deloitte.com/us/en/what-we-do/capabilities/applied-artificial-intelligence/content/state-of-ai-in-the-enterprise.html" rel="noopener"><b>captured insights</b></a><b> from more than 3,200 business and IT leaders directly involved in AI initiatives. Only a third said they used AI to truly transform their business. The report suggested that's because most are still focused on training employees for AI fluency and haven't done enough to redesign work. Why is redesigning work so important?</b></p> <p><b>Widener:</b> There's value that simply comes from doing a task faster. The notion of <a href="https://www.techtarget.com/searchenterpriseai/feature/AI-upskilling-strategies-that-center-workers-not-tech">upskilling and getting people AI fluent</a> is to get them hands on -- to touch AI, work with it and utilize it when executing their daily duties. Nothing about their job has changed; it's just whether they can do it faster, more efficiently or with more precision.</p> <p>There's a step in the process that asks how to use AI to augment an employee's cognitive skill set. Research shows the greatest lift is leveling up employees to create a certain level of cognitive parity. But if you just apply it to the work they already do, you make what they do efficient but haven't asked whether they need to do it anymore.</p> <p>Redesigning work allows you to change the way time is spent and on what. Today, a function may have 17 tasks associated with it. If we redesign the work itself, there may only be 10 tasks in the future because some of them can be executed through some form of automation. You've freed up significant time and can give that same person different or additional work. They can focus on the 10 tasks that you can't automate or shouldn't automate and really require human judgment.</p> <p><b>Many workers are worried about losing their jobs or jobs changing so much that they can't keep up. How should organizations handle training and upskilling so employees trust they'll get help moving into new roles?</b></p> <p><b>Widener:</b> It's like most things. There's an evolutionary path of travel. You don't wake up on Tuesday and suddenly have adopted and adapted to the technological change. You start to make things available to employees so they can take the work they already know how to do but augment it and do it faster -- a research job, for example. Ultimately, the research can happen in a more comprehensive, quicker way. The product you produce, which is still your product, is produced with greater quality and more robustness because you've had access to those tools.</p> <p>Then there's moving the individual forward to cognitive enhancement or support of their thought process and giving them access to tools for that. It's this stepping approach that moves employees forward to having an agent that will execute some of the most repeatable functions. But where judgment and quality are required, the human takes on managing the agent.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> This is not a technology problem -- the tech works. The question is in what context and to what end. </figure> <figcaption> <strong>China Widener</strong>Vice chair, Deloitte </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>You have to step a workforce through that. It's not just training. Some organizations approach it as just needing to upskill people. Upskilling is important but it's not the whole story.</p> <p>There's also a <a href="https://www.techtarget.com/searchenterpriseai/tip/Get-AI-change-management-right-A-checklist-for-success">change management aspect</a>. Our research has shown that some things are underrated by leaders in organizations -- things like redesigning roles. AI fluency matters, and it enables adoption and execution -- hard measurables, such as how much time was saved and what degree of revenue was generated. Those things are tangible and easily calculable.</p> <p>The intangibles, though, are equally important, and that's the change management function: how you are thinking about the operating model of the organization when you have this technological capability available to you.</p> <p><b>What agentic AI use cases are you seeing in the industries in your purview?</b></p> <p><b>Widener:</b> We were just having this conversation about agentic AI and its capacity to be creative and create efficiency, productivity and effectiveness. It begs a natural question for any organization, whether you are growing, concerned about being disintermediated or looking for your next corporate strategy to <a href="https://www.techtarget.com/searchcio/feature/Agentic-ai-in-practice-lessons-from-real-deployments">take full advantage of agentification</a> and the opportunities it creates.</p> <p>Agentification isn't impacting every industry in exactly the same way. In some industries, it looks more internally focused and efficiency-driven and changes back-office functionality. For others, such as the entertainment industry, there is impact to the core of the business, the creativity of storytelling. It has a different impact in that industry vs. hardware, where it may be about changing the management of a supply chain.</p> <p><b>What are clients' most frustrating challenges in taking agentic AI beyond the pilot stage and getting enterprise-wide use from it?</b></p> <p><b>Widener:</b> That <i>is</i> the biggest pain point. Most companies have done some form of experimentation or pilot. Some think of it as pilot purgatory because the percentage of pilots they've been able to take to scale has been less than 20%. The value proposition of agentification isn't in question. What <i>is</i> in question is how to reap the value and benefit from it faster and at scale.</p> <p>The challenges that have arisen start with the pilot itself and whether it has been constructed to solve an enterprise problem versus solving a particular productivity problem in isolation for a few or one specific use case. But is that use case one that should be scaled, and is it scalable?</p> <p>Technological and <a href="https://www.techtarget.com/searchdatamanagement/tip/Experts-share-practices-to-overcome-AI-data-readiness">data choices</a> get made in pilots that don't scale later. The pilot can't be framed against a narrow use case. It has to be framed against the broader infrastructure, understanding the bigger data questions that might arise and recognizing that governance will be significant. A data-quality question in a pilot might be manageable because the pilot is small but no longer manageable when you scale. You have to decide the scale questions as part of the pilot, not build the pilot and say you'll worry about scale questions later.</p> <p><b>What should companies put in place to approach agentic AI from a scalability viewpoint and execute on that level?</b></p> <p><b>Widener:</b> Pilots tend to grow in a fairly organic way: Organizations buy access to a particular <a href="https://www.techtarget.com/whatis/definition/large-language-model-LLM">LLM</a> or AI tool and unleash it on the body as a whole and let people who do a job use the tools to improve something. Then they harvest the best of those ideas and look at whether they should be scaled.</p> <p>There are organizations that have instead taken a broader, top-down or enterprise approach and said, "These are the tool sets we want to utilize, and here's where we want to focus them."</p> <p>What's critical in all this, no matter which end of the spectrum you start from, is having a disciplined approach to agentifying any aspect of the business. It doesn't matter who the stakeholder is. If you have a consistent and disciplined approach by which ideas are evaluated and their proposed value is calculated, and you understand the technical implications, then you can get to real consistency.</p> <p>No organization agentifies overnight. Every organization starts in some way -- maybe by capability, maybe by business unit. But if you don't have a consistent and disciplined evaluative process, everybody starts in a different place, calculates a different benefit and executes against a different vision.</p> <p>A disciplined approach requires a few components. One is clarity on how you'll choose goals. Is it about cost? Growth? Experience? You have to be clear because there are things that are a better fit for agentification that may bring middle value. Some things may bring higher value, but the fit's going to be a heavier lift.</p> <p>You also need standards and protocols to evaluate those things to arrive at the right place for your agentification bet, based first and foremost on what you value, and then moving the organization on a periodic basis through the same evaluation to arrive at a focus. You'll get consistency and clarity and understand what you're spending money on, what value to expect in return and be able to calculate and monitor that value.</p> <p><b>Agentic AI is trendy, but it's happening in a broader context that includes </b><a href="https://www.techtarget.com/searchenterpriseai/definition/generative-AI"><b>generative AI</b></a><b> and large language models, some of which are older. What are the foundational elements of agentic AI that business and IT leaders should focus on first?</b></p> <p><b>Widener:</b> The more autonomy you want your agents to have, the more important your governance and data quality are, because an autonomous agent is going to work independently. It's not going to seek permission to execute. And the more autonomy you create, the greater the security that is necessary. They are important at the start because they become even more important as you reach more and more autonomy.</p> <p><b>Deloitte introduced a tool called Enterprise AI Navigator. What is it, and how do people get it?</b></p> <p><b>Widener:</b> It was created because there wasn't a consistent tool out there that allowed organizations to have the kind of disciplined approach that is applicable in the moment and in the future.</p> <p>It is not something we sell to clients as a product but the tool we use to help clients move through their agentic journey and arrive at both their roadmap and the outcomes they have identified. It allows you to have greater confidence in the choices you've made.</p> <p>Your future workflow -- the change to the work itself that we talked about -- is proposed so you see it before the first agent is coded. You understand what your future is going to look like and can start to understand how your operating model changes and the changes you need to make to the workforce in terms of training, upskilling or job shift. You know all of that going in.</p> <p>Today, those are things discovered along the way, and that's what contributes to pilot purgatory. You need to know them when you start your agentic journey, not when you're already in it.</p> <p><i>David Essex is an industry editor who creates in-depth content on enterprise applications, emerging technology and market trends for several Informa TechTarget websites.</i></p> Deloitte exec says redesigning work is key and explains how to do it without stoking job-loss fears -- but only after a rigorous goal-setting process that sets clear priorities. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a199952058.jpg https://www.techtarget.com/searcherp/news/366641954/How-to-escape-agentification-pilot-purgatory-for-scalable-AI Fri, 17 Apr 2026 14:19:00 GMT How to escape agentification pilot purgatory for scalable AI <p>A North Korean social engineering campaign targeting macOS users tricked its victims into manually executing malicious files by impersonating a software update led to the theft of credentials, crypto assets, and personal data, <a href="https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/" target="_blank" rel="noopener">according to Microsoft’s Threat Intelligence unit, MSTIC</a>.</p> <p>In a new report published this week, MSTIC exposed the campaign – run by a threat actor tracked as Sapphire Sleet – which highlights how convincing user prompts and trusted system tools are still a highly-valuable tool for attackers of all stripes. This particular campaign, said MSTIC, demonstrated some new combinations of macOS-focused techniques that, though not novel in and of themselves, come as something of a surprise from a threat actor like Sapphire Sleet.</p> <p>MSTIC explained how the group is now shifting attack execution away from the exploitation of software vulnerabilities and <a href="https://www.techtarget.com/searchsecurity/definition/social-engineering" target="_blank" rel="noopener">into a “user-initiated” context</a>. Crucially for Sapphire Sleet, this enables its attack chain to move ahead beyond the oversight of macOS’ onboard protections, like Transparency, Consent and Control (TCC), Gatekeeper, quarantine enforcement, and notarisation checks.</p> <p>“Sapphire Sleet achieves a highly reliable infection chain that lowers operational friction and increases the likelihood of successful compromise – posing an elevated risk to organisations and individuals involved in cryptocurrency, digital assets, finance, and similar high‑value targets that Sapphire Sleet is known to target,” said the MSTIC team.</p> <p>“After discovering the threat, Microsoft shared details of this activity with Apple as part of our responsible disclosure process.”</p> <section class="section main-article-chapter" data-menu-title="A danger to financial services"> <h2 class="section-title"><i class="icon" data-icon="1"></i>A danger to financial services</h2> <p>Backed by the isolated, reclusive and destitute regime in Pyongyang, Sapphire Sleet has been operational since about March 2020 and is suspected to have links to <a href="https://www.techtarget.com/searchsecurity/news/366619872/FBI-Lazarus-Group-behind-15-billion-ByBit-heist" target="_blank" rel="noopener">the rather more notorious Lazarus operation</a>.</p> <p>According to MSTIC, it specialises in targeting the financial services sector, including venture capital firms and organisations involved in blockchain and cryptocurrency. Its prime motivation is to loot its victims’ crypto wallets to generate revenue for its paymasters, and to steel intellectual property (IP) and tech secrets related to blockchain and crypto trading.</p> <p><a href="https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/#who-is-sapphire-sleet">Sapphire Sleet</a> is a North Korean state actor active since at least March 2020 that primarily targets the finance sector, including cryptocurrency, venture capital, and blockchain organizations. The primary motivation of this actor is to steal cryptocurrency wallets to generate revenue, and target technology or intellectual property related to cryptocurrency trading and blockchain platforms.</p> <p>In this campaign, its playbook saw the group run fake recruitment profiles on professional networking and social media sites, through which selected targets were roped into conversations about job opportunities. ‘Successful’ candidates were then invited to a technical interview during which they were directed to install Sapphire Sleet’s malware, disguised as a software developer kit (SDK) update for the Zoom videoconferencing tool.</p> <p>The file, <i>Zoom SDK Update.scpt</i> was a compiled AppleScript that opened by default in macOS Script Editor, a trusted Apple application that can execute arbitrary shell commands. Victims were lured into a false sense of security with large blocks of decoy upgrade instructions that mimicked a routine software update. Beneath this text was inserted thousands of blank lines to push the malicious script beyond the immediately scrollable view – a crude but effective technique.</p> <p>The script then launched a command to launch a trusted Apple-signed process to reinforce the appearance of a genuine update. Following this, it executed its malicious payload, retrieving threat actor-controlled content via curl, and passing it back to be run. This content also took the form of an AppleScript so that it could again launch within Script Editor to initiate delivery of the final payload – the attack orchestrator – for system reconnaisance and other operations.</p> <p>Data exfiltrated by Sapphire Sleet during these attacks is known to have included Apple notes data, crypto wallet data, browser data and keychain information, and Telegram credentials and session data, among other things.</p> </section> <section class="section main-article-chapter" data-menu-title="Next steps"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Next steps</h2> <p>Behind the scenes, Apple has already implemented platform-level protections to detect and block Sapphire Sleet’s infrastructure and malwares, and deployed browsing protections in Safari. It has also issued new signatures to detect and block the malwares associated with the campaign, which should already have been received by devices running macOS.</p> <p>MSTIC advised organisations that may be at risk of falling victim to this – or similar – campaigns, should conduct user education on threats emanating from social media and external platforms, especially outreach that seems to require they download software or virtual meeting tools, or execute terminal demands.</p> <p>Security teams may also wish to consider blocking or restricting the execution of compiled AppleScript files and unsigned Mach-O binaries downloaded from the internet. Any such files downloaded from external sources should of course be rigorously inspected and verified. It may also be wise to limit or at least audit the use of curl, particularly when piped to interpreters.</p> <p>Defenders should also monitor for unauthorised modifications to the macOS TCC database, a feature of this campaign, and audit LaunchDaemon and LaunchAgent installations</p> <p>MSTIC also advised organisations and users to be cautious when copying and pasting sensitive data related to cryptocurrency, such as wallet addresses or credentials, and to check and verify the pasted content matches the intended source, and to protect crypto wallets and rotate any browser-stored credentials.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about social engineering</h3> <ul class="default-list"> <li>NCSC advises on countermeasures for high-risk individuals over phishing attacks on encrypted messaging services, <a href="https://www.computerweekly.com/news/366641058/NCSC-warns-high-risk-individuals-of-Signal-and-WhatsApp-social-engineering-attacks" target="_blank" rel="noopener">such as Signal, WhatsApp and Facebook Messenger.</a></li> <li>Computer Weekly gets under the skin of an ongoing wave of ShinyHunters cyber attacks orchestrated via social engineering <a href="https://www.computerweekly.com/feature/ShinyHunters-Salesforce-cyber-attacks-explained-What-you-need-to-know" target="_blank" rel="noopener">against Salesforce users</a>.</li> <li>Organizations and employees must both do their part to prevent and avoid social engineering attacks. <a href="https://www.techtarget.com/searchsecurity/tip/How-to-avoid-and-prevent-social-engineering-attacks" target="_blank" rel="noopener">A combination of security controls, policies, procedures and training is necessary. </a></li> </ul> </div> </div> </section> A MacOS-focused social engineering campaign orchestrated by North Korea-based threat actor Sapphire Sleet has been exposed by Microsoft’s Threat Intelligence Unit. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/cyber-security-network-lock-adobe.jpeg https://www.computerweekly.com/news/366641953/North-Korean-social-engineering-campaign-targets-macOS-users Fri, 17 Apr 2026 14:13:00 GMT North Korean social engineering campaign targets macOS users <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{20}" paraid="1666243549"><span xml:lang="EN-US" data-contrast="auto">As healthcare organizations continue to embrace AI-powered tools, effective third-party risk management strategies and supply chain transparency remain essential to safeguarding operations. As such, the Health Sector Coordinating Council (HSCC) developed </span><a rel="noreferrer noopener" target="_blank" href="https://healthsectorcouncil.org/ai-cyber-thirdparty/"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">guidance</span></span></a><span xml:lang="EN-US" data-contrast="auto"> to identify critical third-party AI risks and provide recommendations for managing them.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{64}" paraid="574820947"><span xml:lang="EN-US" data-contrast="auto">The HSCC established a third-party task group on AI risk and supply chain transparency, composed of industry leaders, to explore these issues. It encouraged healthcare organizations to distribute the document to senior leadership and evaluate their own third-party and supply chain risk management programs against the best practices outlined in the guidance.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{86}" paraid="924046051"><span xml:lang="EN-US" data-contrast="auto">"The healthcare sector's accelerating adoption of artificial intelligence has dramatically expanded its dependence on third-party tools and services, introducing complex cybersecurity challenges that traditional risk management models cannot adequately address," the document stated. </span><span data-ccp-props="{}"> </span></p> </div> <div> <h2 paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{98}" paraid="190396402" aria-level="2" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 2">Third-party AI tools come with hidden risks</span></span><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h2> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{104}" paraid="1259528242"><span xml:lang="EN-US" data-contrast="auto">From </span><a rel="noreferrer noopener" target="_blank" href="https://www.healthcaredive.com/news/ai-artificial-intelligence-scribes-reductions-ehr-documentation-time-jama/816400/"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">AI-driven clinical decision support tools</span></span></a><span xml:lang="EN-US" data-contrast="auto"> to </span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/revcyclemanagement/feature/Agentic-AI-evolution-begins-to-pave-way-for-autonomous-revenue-cycle"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">revenue cycle automation</span></span></a><span xml:lang="EN-US" data-contrast="auto"> and remote monitoring devices, AI is quickly becoming embedded in healthcare systems. While these tools promise great value, they also open healthcare organizations up to unprecedented risk, the task group suggested. </span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{130}" paraid="412275437"><span xml:lang="EN-US" data-contrast="auto">Those risks include limited visibility into AI components sourced through supply chains, challenges with verifying vendor security postures and vendors shifting risk to healthcare organizations using one-sided contract language. </span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{140}" paraid="498011334"><span xml:lang="EN-US" data-contrast="auto">What's more, issues like unreported AI cybersecurity risks, such as training data leakage and synthetic data misuse, can put healthcare organizations in a difficult position when it comes to managing security and compliance.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{156}" paraid="1392977322"><span xml:lang="EN-US" data-contrast="auto">"Acceleration of change of AI infrastructure, algorithms, and models at unprecedented rates introduce complexity, steep learning curves, an ever-evolving set of new and updated risks, and an exponentially complex and broad attack surface," the document added.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{166}" paraid="759683976"><span xml:lang="EN-US" data-contrast="auto">The task group stressed that organizations of all sizes and sophistication levels can and should adopt its best practices as they work to balance AI innovation with cybersecurity risk.</span><span data-ccp-props="{}"> </span></p> </div> <div> <h2 paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{178}" paraid="1766746899" aria-level="2" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 2">Best practices, implementation guidance</span></span><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h2> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{184}" paraid="89279767"><span xml:lang="EN-US" data-contrast="auto">The HSCC identified several best practices centered on governance, legal protections and tried-and-true cybersecurity protocols. The document also provides detailed guidance on every phase of AI adoption, from vendor evaluation to ongoing performance management.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{190}" paraid="1353226496"><span xml:lang="EN-US" data-contrast="auto">Under HIPAA, healthcare organizations are required to maintain technical and administrative safeguards to protect against cyber risks. However, HIPAA was enacted in 1996, long before the widespread adoption of AI changed the nature of healthcare ecosystems.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{200}" paraid="2124871854"><span xml:lang="EN-US" data-contrast="auto">The HSCC's guidance outlines AI-specific considerations for established best practices, highlighting the ways in which healthcare organizations should evaluate, adopt and maintain AI-powered technologies.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{216}" paraid="616813189"><span xml:lang="EN-US" data-contrast="auto">The recommended best practices include developing comprehensive AI governance policies, AI use-case justification requirements and model contract language that addresses data ownership, AI training and performance standards. The guidance also suggests that organizations include AI-specific clauses in their business associate agreements.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{9d35397c-d1d9-43f7-bc20-cc25b3a172ea}{228}" paraid="86891055"><span xml:lang="EN-US" data-contrast="auto">Inventory and asset management, quality assurance, model validation and response and recovery planning -- in coordination with AI vendors -- are all crucial to mitigating risk, the guidance document notes. </span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{7e6051a5-b80a-4cef-9a9f-1ad44372bb5a}{1}" paraid="1640387348"><span xml:lang="EN-US" data-contrast="auto">Putting these best practices to use requires a measured approach and will look different depending on organization size and sophistication. Regardless of size, healthcare organizations using AI should establish AI governance bodies, enact shared responsibility models with AI vendors and manage the AI lifecycle from initial procurement to end-of-life, the HSCC said.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{7e6051a5-b80a-4cef-9a9f-1ad44372bb5a}{21}" paraid="279008008"><span xml:lang="EN-US" data-contrast="auto">As healthcare organizations continue to integrate AI into their workflows, they must carefully consider third-party risk management and vendor transparency.</span><span data-ccp-props="{}"> </span></p> </div> <div> <p paraeid="{7e6051a5-b80a-4cef-9a9f-1ad44372bb5a}{49}" paraid="37317119"><em><span xml:lang="EN-US" data-contrast="auto">Jill Hughes has covered health tech news since 2021.</span></em></p> </div> The Health Sector Coordinating Council's latest guidance aims to define accountability and performance expectations as healthcare increasingly relies on third-party AI tools. https://cdn.ttgtmedia.com/rms/onlineimages/ai_g1183318665.jpg https://www.techtarget.com/healthtechsecurity/news/366641823/New-HSCC-guidance-tackles-third-party-AI-risk Fri, 17 Apr 2026 14:12:00 GMT New HSCC guidance tackles third-party AI risk <p>Downtime in a data platform rarely behaves like a neat, time-boxed IT event. Without quick disaster recovery, the business could incur significant costs.</p> <p>During a data loss event, the business loses more than dashboards. Teams pause work, leaders defer critical decisions, revenue operations run with visibility gaps and high-cost specialists manage <a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">incident response</a>. Even after service restoration, leaders must validate recovered assets, reconcile discrepancies and rebuild confidence before resuming operations. That post-recovery window is often the difference between "system up" and "business back."</p> <p>Outage <a target="_blank" href="https://uptimeinstitute.com/resources/research-and-reports/annual-outage-analysis-2025" rel="noopener">research</a> from 2025 by the Uptime Institute and a 2024 <a target="_blank" href="https://itic-corp.com/itic-reports-surveys/" rel="noopener">report</a> from Information Technology Intelligence Consulting show that the cost of significant incidents typically exceeds $100,000, meaning just one or two outages can account for most of a year's downtime risk.</p> <p>The cost of downtime can be measured. Disaster recovery (DR) is a decision about cost and risk: how much it costs and how much loss it helps avoid. Business leaders can determine that risk in financial terms without building a complex risk model. By calculating downtime cost per hour (DCH) and using incident history to estimate annual expected loss (AEL), leaders can compare <a href="https://www.techtarget.com/searchdatabackup/feature/The-cost-of-downtime-and-how-businesses-can-avoid-it">today's risk</a> to the reduced risk after a DR investment.</p> <section class="section main-article-chapter" data-menu-title="Step 1: Build an auditable DCH"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Step 1: Build an auditable DCH</h2> <p>Start with a simple question: if the data platform is down -- or giving incorrect data -- for one hour, what does that hour cost the organization?</p> <p>Breaking down the cost into components makes estimates easier to review. If people disagree about a cost, estimate it using a low, medium and high range instead of pretending to be precise.</p> <p>Add the components to calculate DCH. In this example, one hour of downtime costs $6,440.</p> <p><iframe title="How to calculate DCH" aria-label="Table" id="datawrapper-chart-AUuPs" src="https://datawrapper.dwcdn.net/AUuPs/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="524" data-external="1"></iframe></p> </section> <section class="section main-article-chapter" data-menu-title="Step 2: Identify hidden costs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Step 2: Identify hidden costs</h2> <p> <script type="text/javascript">window.addEventListener("message",function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data["datawrapper-height"][t]+"px";r.style.height=d}}});</script> </p> <p>The outage itself shows only the visible costs. Hidden costs appear after the platform is available. Ignoring these costs understates the affect of a data loss event, since much of the expensive work starts after recovery.</p> <p>Organize the less obvious costs that appear after an incident into the following categories:</p> <ul class="default-list"> <li><b>Reprocessing and extra compute costs.</b> Rerunning jobs, using extra warehouse capacity and paying any additional data transfer fees.</li> <li><b>Time to check and validate data.</b> Data engineers, analytics and finance teams verifying restored data is complete, correct and trustworthy.</li> <li><b>Fixing reports and redoing work.</b> Correcting KPIs, revising updates and handling the disruption caused by changing numbers.</li> <li><b>Contract and regulatory exposure.</b> Incorrect or late reporting can be as damaging as missing reporting, <a href="https://www.techtarget.com/searchdatamanagement/tip/Data-governance-regulations-that-executives-should-know">leading to hefty fines</a> or penalties.</li> <li><b>Lost time and delayed progress.</b> Roadmap work slows or stops while teams divert effort to rework, audits and rebuilding confidence in data.</li> <li><b><a href="https://www.techtarget.com/searchdatamanagement/tip/How-cyber-insurance-requirements-reshape-backup-architecture">Insurance</a> changes.</b> After a serious incident, organizations can expect higher premiums, higher deductibles and reduced coverage at renewal.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Step 3: Show how DR reduces risk and costs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Step 3: Show how DR reduces risk and costs</h2> <p>An untested DR plan might not work when needed. To evaluate DR investments, show how technical capabilities change downtime, data loss and recovery costs. As a practical rule, prioritize controls that detect problems faster, recover faster and limit how much data is affected.</p> <ul class="default-list"> <li>Shorter recovery time objectives (<a href="https://www.techtarget.com/whatis/definition/recovery-time-objective-RTO">RTO</a>) to bring the systems back online faster.</li> <li>Shorter recovery point objectives (<a href="https://www.techtarget.com/whatis/definition/recovery-point-objective-RPO">RPO</a>) for less data loss by restoring from a more recent point in time.</li> <li>Better DR reduces severe outcomes, such as long outages or widespread data corruption.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Step 4: Calculate DR ROI using expected loss"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Step 4: Calculate DR ROI using expected loss</h2> <p>After calculating DCH and incident costs, evaluate DR by estimating expected loss with the following equation:</p> <p><b>Annual Expected Loss (AEL)</b> = (Annual downtime hours × DCH) + (Annual incidents × Cost per incident)</p> <p>Organizations should use their own incident history where possible. External incident-cost benchmarks -- such as IBM's annual <i>Cost of a Data Breach</i> <a target="_blank" href="https://www.ibm.com/reports/data-breach" rel="noopener">report</a> -- can confirm whether the estimate is reasonable.</p> <p>With a baseline AEL, calculate an improved AEL that reflects the use of DR investments.</p> <p>Identify the annual cost of DR investments, and how much it reduces downtime and incident costs. Then use the following equation:</p> <p><b>Improved AEL </b>= (New annual downtime hours × DCH) + (Annual incidents × New cost per incident)</p> <p>Find the risk reduction value with the following equation.</p> <p><b>Risk reduction value </b>= Baseline AEL – Improved AEL</p> <p>Finally, to calculate ROI, use the following equation.</p> <p><b>ROI</b> = (Risk reduction value – DR costs) / DR costs</p> <p>If the organization supports multiple data products, group them by how critical they are to the business. For example:</p> <ul class="default-list"> <li>Tier 0: Billing, finance and fraud.</li> <li>Tier 1: Forecasting and measurement.</li> <li>Tier 2: Exploration.</li> </ul> <p>For each tier, document the target <a href="https://www.techtarget.com/searchstorage/feature/What-is-the-difference-between-RPO-and-RTO-from-a-backup-perspective">RTO/RPO</a> and the steps required to complete time to restore trust. This keeps resilience spending proportional to <a href="https://www.techtarget.com/searchstorage/definition/business-impact-analysis">business impact</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Downtime cost example"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Downtime cost example</h2> <p>Using the example from Step 1, assume a DCH of $6,440 per hour, 12 hours of downtime per year and two data-loss/corruption events per year at $9,000 each.</p> <ul class="default-list"> <li><b>Downtime loss:</b> 12 × $6,440 = $77,280</li> <li><b>Event loss:</b> 2 × $9,000 = $18,000</li> <li><b>Baseline AEL:</b> $77,280 + $18,000 = $95,280</li> </ul> <p>Now assume DR costs $25,000 per year, reduces downtime to 4 hours per year and reduces event cost to $5,000.</p> <ul class="default-list"> <li><b>Improved AEL:</b> (4 × $6,440) + (2 × $5,000) = $35,760</li> <li><b>Risk reduction value:</b> $95,280 − $35,760 = $59,520</li> <li><b>ROI:</b> ($59,520 − $25,000) / $25,000 = 138%</li> </ul> <p>Based on these calculations, investing in DR cuts annual losses by more than half and delivers a 138% return, meaning the avoided losses are more than double the cost of DR.</p> <p><em>Helen Searle-Jones holds a group head of IT position in the manufacturing sector. She draws on 30 years of experience in enterprise and end-user computing, utilizing cloud and on-premise technologies to enhance IT performance.</em></p> </section> Downtime in the organization spotlights revenue and operational risk. Business leaders can use cost estimates to focus recovery spending where outages cause the greatest loss. https://cdn.ttgtmedia.com/rms/onlineimages/money_g1189523318.jpg https://www.techtarget.com/searchdisasterrecovery/tip/What-downtime-and-data-loss-really-cost-the-business Fri, 17 Apr 2026 13:39:00 GMT What downtime and data loss really cost the business <p>I spent some time at Canva Create this week, and, as events go, it's wildly different from the normal events I'm at. Canva, historically, has been made by and for designers, and this comes through loud and clear at the event. But here's the thing: Canva has many of the parts needed to become the future of not just design (an area I won't pretend to know that well), but knowledge work in general.</p> <p>Last year, I also attended this event, and my main takeaway was that there's a large, grassroots user base of Canva, and that the company was using this to make a pivot to enterprise. There was the usual AI this-and-that, but the single most important thing I learned was that behind all the vibes and colors and tools was a massive data layer. This data layer is accessible to all the document types, code and workflows in Canva, and it's specifically used in the context of Canva Sheets. Sheets is a spreadsheet feature, but it's less of a Microsoft Excel or Google Sheets alternative than it is a software-defined, customizable view into the contents of the data layer. I <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/Canva-The-business-productivity-app-flying-under-ITs-radar">left Canva Create 2025</a> thinking two things:</p> <ul class="default-list"> <li>That was the coolest keynote I've ever seen.</li> <li>These guys could really be successful if they decide to branch out past creatives and really go after enterprise use cases.</li> </ul> <p>In the intervening 12 months, Canva released its own AI model and built and trained more than a hundred other models that are used for specific tasks. This enabled it to build lots of AI tools that focused on things like image generation, image layering, video generation, etc. For a lot of these specialized tasks, Canva's fine-tuned models are coming in cheaper and faster than the big, general-purpose frontier ones with comparable output quality -- a quiet but significant signal about where AI is going.</p> <p>This is glossing over a lot of work, but it all culminated in what was released this week: Canva AI 2.0. And while there are significant improvements to Canva's design capabilities that deserve attention, even Canva has started referring to itself not as a "design company with AI," but as an "AI company that does design."</p> <p>Cliff Obrecht, Canva's co-founder, took it a step further, putting Canva alongside Google and Microsoft as "the third productivity suite." It's the first time I've heard this from Canva directly, and it's one of the reasons I left the event thinking, "This is the future of all knowledge work."</p> <section class="section main-article-chapter" data-menu-title="Canva is becoming the second brain"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Canva is becoming the second brain</h2> <p>Canva AI 2.0 introduced a concept called <i>memories</i>, and among the types of memories that Canva stores are organizational (brand) memories and personal memories. Organizational memories include things like brand guidelines and company voice. Admins (or brand leaders) can configure these memories and push them out to everyone in an organization, ensuring that all content, including AI-generated content, adheres to brand guidelines. This is really useful, but the real eye-opener was personal memories.</p> <p>To build a personal memory, Canva scans all the documents a user has created, learning their voice, their style, their perspective. It spans all document types, including those that have been uploaded into Canva or that are accessible through connectors to other corporate information stores, such as Microsoft Office or Google. In this way, it builds a model of each end user, just like the <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/The-promise-and-concern-around-end-user-AI-second-brains">second brain concept</a> that's been transforming knowledge work. These memories are stored as editable Canva documents that users can browse and modify directly, which is very similar to how second brains work.</p> <p>This, coupled with agentic features like scheduled tasks and collaborative work planning and execution, means that Canva is effectively bringing the concept of the second brain to the masses in a way that's immediately personal and useful. This is coming at the perfect time, because while second brain implementations are great for developers and power users that aren't afraid to get their hands dirty, they're not for the faint of heart.</p> <p>Is Canva's attempt to bring the idea of the AI co-collaborator exactly the same as a second brain? No. It's missing most of the knobs and dials and full-on agentic features that developers and power users would want. But that's not who it's for. It's <a href="https://www.techtarget.com/searchcustomerexperience/feature/How-AI-will-affect-the-future-of-content-marketing">for designers and marketers</a> and, increasingly, other roles.</p> </section> <section class="section main-article-chapter" data-menu-title="Going beyond design"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Going beyond design</h2> <p>The core of Canva's story is around designers, for sure. That's its pedigree, and the creative aura is persistent everywhere you look. But if you follow the trail of breadcrumbs, you can see glimpses of the path Canva is on. It's a path that I think Canva sees, too, but I'm honestly not sure. It's not as cool, and the vibes are decidedly more low-key, but Canva is -- purposely or not -- on a path to disrupt workplace productivity in general in the very near future.</p> <p>It starts with the aforementioned Sheets, but we all know displacing Excel is effectively impossible. It's really powerful to still be able to ingest Excel docs or Google Sheets into Canva's data layer, then use that to create presentations, proposals, etc. with seamlessly integrated AI. In fact, Canva only has one file type for everything it does, so it can optimize its AI for a single file type rather than having to figure out how to work with dozens of different formats.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> If design, marketing, and now sales start using Canva, the company suddenly has a huge footprint in an organization. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>This isn't the same experience you get with Office 365 and Copilot, or even Google Workspace with Gemini. Sprinkled in among the various content creation and graphics design conversations were other things that have typically resided in the less creative corners of knowledge work: pitch deck creation, product messaging documents, go-to-market workflow and campaign tracking, <a href="https://www.channelfutures.com/channel-business/is-your-customer-tuning-out-the-qbr-">QBRs</a>, etc.</p> <p>Campaign tracking and QBRs stick out to me because they're without a doubt more data-driven, business-focused workflows and outputs that aren't usually thought of in the same breath as the design side. (Surely they're connected, but I've never attended a QBR that required a graphic designer, and there's an entire marketing tech angle that should also be explored.) They are, however, the next rung up the ladder as Canva grows from grassroots, product-led growth to widespread use across the enterprise. And again, the AI is seamlessly integrated everywhere.</p> <p>If design, marketing, and now sales start using Canva, the company suddenly has a huge footprint in an organization. If other use cases are adopted, organizations might eventually wise up to the fact that they've got so many workplace productivity suites in use that they want to consolidate. And by then, Canva might have very well earned a seat at the table as those organizations choose which ones to continue investing in strategically.</p> <p>Could Microsoft and Google catch up? Maybe. Microsoft seems to have a more complex problem to solve, weaving AI and Copilot into everything without making it feel bolted on, but it also has the longest runway to make changes. <a href="https://www.techtarget.com/searchenterpriseai/news/366585309/Google-Gemini-generative-AI-hits-all-products-including-Search">Google and Gemini seem a bit more integrated</a>, but neither appears to be as naturally integrated as Canva today. I'm not saying Canva will take over, but I am considering it a breath of fresh air that appears to be nimbler and more in touch with the way the world seems to be moving.</p> <p>A few other thoughts:</p> <ul class="default-list"> <li>Canva announced an offline mode that lets you download documents and work with them while disconnected. This is presumably done using a progressive web app and some sort of file download. Nice to have, for sure, but it got me thinking about the device-level capabilities. If Canva has all these models, some of which are rather small, would it be able to use on-device inference resources like the NPU on an AI PC? This would lighten the load on Canva's data centers and also enhance the offline experience.</li> <li>Canva Enterprise customers benefit from Canva Shield, which is a set of policies that includes indemnification for AI outputs that would <a href="https://www.techtarget.com/whatis/feature/AI-lawsuits-explained-Whos-getting-sued">infringe on any other creator's intellectual property</a>. I haven't seen this before, and I think it's worth pointing out because it's the kind of thing you don't see from the frontier models.</li> <li>I'd be curious to see what memories organizations and admins have access to. Second brains can be personal and portable across models. Canva's approach is locked within Canva, which can unlock some amazing functionality and efficiency, but it also introduces some potential concerns that the company should address. It's one thing to provide a tool to make end users more productive. It's another for an organization to take those memories and use them to build digital twins that could ultimately reduce the need for (or outright replace) the workers themselves. To be fair, this isn't a Canva problem as much as a broader <a href="https://www.techtarget.com/searchenterpriseai/tip/Generative-AI-ethics-8-biggest-concerns">issue in the AI age</a>: Where is the line between corporate IP and acquired human skills that the company has hired?</li> </ul> <p>There's a lot to think about here, but I really do think that we're getting glimpses of the future of knowledge work. Whether or not it will be Canva is another story, but the company is proving new ground in bringing agentic AI to the hands of end users in a very Canva-like way, and we're all sure to learn something from it that will be useful as AI continues to transform the digital workspace.</p> <p><i>Gabe Knuth is the principal analyst covering end-user computing for Enterprise Strategy Group, now part of Omdia.</i></p> <p><i>Enterprise Strategy Group is part of Omdia. Its analysts have business relationships with technology vendors.</i></p> </section> With Canva AI 2.0, the company appears to be evolving from a design tool into a full-fledged, AI‑powered productivity platform that could reshape knowledge work. https://cdn.ttgtmedia.com/visuals/digdeeper/6.jpg https://www.techtarget.com/searchenterprisedesktop/opinion/Canva-is-showing-us-a-glimpse-of-knowledge-works-future Fri, 17 Apr 2026 12:58:00 GMT Canva is showing us a glimpse of knowledge work's future <p>The rise of generative AI is decentralizing software development in the enterprise. With the help of <a href="https://www.techtarget.com/searchenterpriseai/tip/Low-code-no-code-tools-simplify-AI-customization-for-engineers">low-code/no-code platforms</a>, AI-powered business users, also known as <a href="https://www.techtarget.com/searchsoftwarequality/definition/citizen-development">citizen developers</a>, are building applications, automating workflows and experimenting with tools without ever writing a single line of code.</p> <p>In many cases, users simply describe what they want to build using natural language interfaces, while AI handles much of the underlying logic. This accessibility means that what once required specialized engineering skills can now be accomplished through a prompt, a drag‑and‑drop interface or an AI‑generated workflow.</p> <p>As a result, software development is no longer confined to IT. It's becoming a distributed capability throughout the enterprise, driven by employees who understand their business problems better than anyone else.</p> <p>For enterprise leaders, this shift introduces both opportunity and complexity: greater speed and responsiveness on one hand; on the other, the need to maintain visibility, enforce governance and control risk as development moves beyond centralized IT.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/m5mLiSnX8wk?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.theserverside.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <section class="section main-article-chapter" data-menu-title="The rise of the AI-powered citizen developer"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The rise of the AI-powered citizen developer</h2> <p>Historically, citizen developers were business users working within low-code/no-code environments to build relatively simple applications. These tools were typically confined to structured platforms and predefined templates, often supporting functions in HR, finance or operations. While they accelerated delivery for routine use cases, users still depended heavily on IT for complex integrations, architecture and governance.</p> <p>Today, generative AI is rapidly widening the scope of what these users can build. Instead of working only within structured templates, employees can now describe desired outcomes in natural language and generate functional applications with minimal technical input. In turn, the barrier to entry is shifting, from knowing how to code to understanding the problem itself.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> GenAI has lowered the fluency bar from 'can you code' to 'can you reason about the problem.' </figure> <figcaption> <strong>Aleks Bass</strong>Chief product and technology officer, Typeform </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Aleks Bass, chief product and technology officer at Typeform, an interactive form builder and automation platform, described this shift as a change in fluency. "GenAI has lowered the fluency bar from 'can you code' to 'can you reason about the problem,'" <a></a><a>she </a>said.</p> <p>Matt Kunkel, CEO and co-founder of LogicGate, a SaaS-based governance, risk and compliance company, similarly emphasized how broad this shift has become. "The prevalence of AI means any employee can be a 'typical citizen developer,'" he said, underscoring how software creation is no longer limited to technical teams.</p> </section> <section class="section main-article-chapter" data-menu-title="Why enterprises are embracing development beyond IT"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why enterprises are embracing development beyond IT</h2> <p>A combination of technological progress and <a></a><a>enterprise pressures</a> is accelerating this shift.</p> <p>On the technology side, GenAI has lowered the barrier to entry, while enterprise-grade, no-code/low-code platforms, such as Microsoft Power Platform, ServiceNow and Salesforce Flow now include AI-assisted development features that make application building more accessible than ever.</p> <p>Beyond technological advancements, longstanding inefficiencies in traditional development models are also driving this shift.</p> <p>"The traditional development process is very long, from ideation to validation, testing and architecture decisions," said Hugo Huang, product director at Canonical, a company that builds and maintains the open source Ubuntu platform. "By the time an application is delivered, requirements might have already changed," he added.</p> <p>Organizational pressures are playing an equally important role as enterprises face persistent IT backlogs and developer shortages. In an August 2025 employment <a target="_blank" href="https://www.bls.gov/news.release/pdf/ecopro.pdf" rel="noopener">report</a>, the U.S. Bureau of Labor Statistics projected ongoing demand for software developers to grow faster than the supply of qualified talent, creating pressure that IT teams can't always absorb. As a result, business units are increasingly building their own tools.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The biggest driver is not just generative AI; it's the combination of AI lowering the barrier to entry and persistent IT backlogs. </figure> <figcaption> <strong>Sonu Kapoor</strong>Senior Angular consultant, Solid Software Solutions </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>"The biggest driver is not just generative AI; it's the combination of AI lowering the barrier to entry and persistent IT backlogs," said Sonu Kapoor, senior Angular consultant at Solid Software Solutions, a company that builds bespoke mobile and web applications. He explained that both improved access to tools and longstanding operational bottlenecks are fueling the shift. "Business teams have always had ideas that couldn't get prioritized. What's changed is that now they can act on those ideas," he added.</p> <p>As this shift accelerates, some organizations are starting to respond more deliberately. Rather than leaving informal experimentation to continue unchecked, some are treating citizen development as a structured capability. At Typeform, for example, this shift is being operationalized with clear guardrails and oversight.</p> <p>"We define citizen development as non-engineers safely shipping real production changes using AI coding tools, within clearly bounded domains and with engineering review in the loop," said Typeform's Bass.</p> <p>Taken together, these trends reflect a broader convergence of more accessible tools and rising business demand. By enabling nontechnical employees to build their own tools, organizations can extend development capacity, accelerate innovation and respond more quickly to evolving business needs without significantly scaling centralized IT teams.</p> </section> <section class="section main-article-chapter" data-menu-title="What citizen developers are building across the business"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What citizen developers are building across the business</h2> <p>Across business units, citizen developers are building a wide range of tools that previously required months of engineering effort. Common examples include internal dashboards for tracking performance metrics, <a href="https://www.techtarget.com/searchitoperations/tip/Open-source-workflow-engines-and-how-to-use-them">workflow automation tools</a> that streamline approvals and data entry, and AI-powered assistants that support customer service, knowledge access and routine decision-making. These use cases span various functions such as sales, operations, HR, legal and finance, underscoring how broadly citizen development is spreading across the enterprise.</p> <p>LogicGate's Kunkel noted that this shift is ultimately driven by productivity gains at the edge of the organization. In finance teams, for example, AI-enabled tools are helping accelerate processes like financial close, giving leadership access to critical information sooner and improving decision-making speed. "If they can close the books in one week instead of two, that means leadership gets important financial information a full week sooner," he explained.</p> <p>As adoption grows, however, most organizations are intentionally defining boundaries to balance speed with safety. Rather than leaving development entirely open-ended, they encourage teams to start small and expand gradually as confidence builds.</p> <p>"We deliberately start with high-leverage, low-risk tasks such as copy updates, UI tweaks and small configuration changes in well-tested areas," <a></a><a>Bass </a>explained. She added that the teams slowly expand into more complex work, including UX improvements, integrations and small feature flows, but always within defined guardrails and clear review processes. These changes, she noted, are executed in controlled environments, such as <a href="https://www.techtarget.com/searchapparchitecture/definition/feature-flagging">feature flags</a> and <a href="https://www.techtarget.com/searchsecurity/definition/sandbox">sandboxes</a>, to ensure they remain safe, observable and easy to roll back if needed.</p> <p>This controlled progression is key to scaling citizen development safely. It helps organizations move quickly without sacrificing oversight, while also shifting problem-solving closer to the point of need.</p> </section> <section class="section main-article-chapter" data-menu-title="The growing risks of distributed AI development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The growing risks of distributed AI development</h2> <p>While decentralized development brings clear benefits, it also adds new layers of complexity that make systems harder to track, govern and scale consistently over time. As a result, risks are emerging alongside gains in speed and flexibility.</p> <p>Some of the most common challenges organizations face include the following:</p> <h3>Lack of visibility</h3> <p>As business users build and deploy applications across multiple platforms, IT teams can lose visibility into the full application landscape. This creates what is often referred to as <a href="https://www.techtarget.com/searchsecurity/tip/Shadow-AI-How-CISOs-can-regain-control-in-2026">shadow AI</a> -- tools and automations created outside formal governance structures.</p> <p>This lack of visibility is further compounded by the speed of AI innovation. "The pace of AI development is so fast that policies alone can't keep up," said Canonical's Huang.</p> <p>He also pointed to a deeper shift in how modern systems operate, noting that in agentic AI-driven environments, software increasingly behaves like a continuous flow of data, making it much harder to observe, govern and control in a structured way.</p> <h3>Data security concerns</h3> <p>One of the most significant risks in citizen development is unintended exposure of sensitive data. Employees often connect applications directly to enterprise systems without full awareness of <a href="https://www.techtarget.com/searchsecurity/tip/How-to-write-a-data-classification-policy-with-template">data classification rules</a> or access constraints. This can result in overly permissive access, weak controls or unintended exposure of sensitive information.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> It's one thing to allow access to data, but connecting AI to business-critical systems might exceed the risk tolerance for some organizations. </figure> <figcaption> <strong>Matt Kunkel</strong>CEO and co-founder, LogicGate </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Kunkel emphasized that governance must clearly define how AI interacts with enterprise systems. "It's one thing to allow access to data, but connecting AI to business-critical systems might exceed the risk tolerance for some organizations."</p> <p>In some cases, this can lead to more serious risks. For example, poorly governed applications could inadvertently expose sensitive data, such as <a href="https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII">PII</a>, or send business data to external AI tools without employees fully understanding where that data goes, how it's stored or whether it's reused.</p> <p>The risk doesn't stop there. Sensitive data can also appear in system logs or AI-generated outputs, creating additional exposure. In regulated industries, this raises concerns around compliance, <a href="https://www.techtarget.com/searchcloudcomputing/definition/data-residency">data residency</a> and auditability.</p> <h3>Vibe coding risks</h3> <p>As generative AI becomes more widely available, some employees are adopting informal <a href="https://www.techtarget.com/searchcio/feature/Vibe-coding-What-IT-leaders-need-to-know">vibe coding</a> approaches -- building and deploying applications through AI-generated code without fully understanding the underlying logic.</p> <p>While this accelerates experimentation, it often bypasses critical engineering practices such as peer review, structured testing and security validation.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Many nontechnical employees are now building applications with AI tools without formal training in data handling or software engineering practices, which can increase the risk of insecure or poorly governed implementations. </figure> <figcaption> <strong>Hugo Huang</strong> Product director, Canonical </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>"Many nontechnical employees are now building applications with AI tools without formal training in data handling or software engineering practices, which can increase the risk of insecure or poorly governed implementations," Huang said. He added that without a clear understanding of how these systems handle data, authentication or integrations, even simple applications can introduce unintended security gaps.</p> <p>Over time, this can lead to hidden vulnerabilities, fragile dependencies and applications that are difficult to maintain, audit or scale, especially when AI-generated code is deployed without visibility or oversight.</p> <h3>Inconsistent standards</h3> <p>In many organizations, citizen development is happening in parallel across multiple business units, often using different tools, frameworks and levels of oversight. Without shared visibility into what others are building, teams can unknowingly duplicate work or develop similar tools for the same problems.</p> <p>This can eventually lead to fragmented systems that are difficult to integrate with core infrastructure and contribute to a <a href="https://www.techtarget.com/searchcloudcomputing/tip/The-hidden-costs-of-technical-debt-in-infrastructure">growing technical debt</a>. Organizations might find themselves managing a loosely governed ecosystem of applications that no single team fully understands.</p> <p>Solid Software Solutions' Kapoor noted that the scale of AI-driven development is creating challenges not just of control, but of coordination -- especially as the volume of applications grows beyond traditional review capacity.</p> </section> <section class="section main-article-chapter" data-menu-title="Regaining control: Enterprise governance and enablement"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Regaining control: Enterprise governance and enablement</h2> <p>Most of the challenges associated with decentralized application development are not caused by AI or citizen development itself. Instead, they stem from how quickly these tools are being adopted, often outpacing the governance frameworks enterprises have in place to manage them.</p> <p>Kunkel emphasized that successful organizations start with clearly defined <a href="https://www.techtarget.com/searchsecurity/tip/What-CISOs-need-to-know-about-AI-governance-frameworks">AI governance frameworks</a> that specify which tools are permitted, what data they can access and why those boundaries exist. "Safe and successful AI adoption requires a holistic, proactive risk and governance approach," he noted, especially as organizations often lack full visibility into where AI is being used.</p> <p>To regain control, a growing number of enterprises are adopting approved platform models, limiting citizen development to vetted low-code and AI-enabled environments. This ensures stronger oversight while still enabling innovation.</p> <p>Beyond specific platform choices, a key principle emerging across organizations is that governance should be risk-based, not role-based.</p> <p>"The line should not be drawn around tools; it should be drawn around risk," Kapoor said. "Business users can safely build low-risk applications, but anything touching sensitive data or core systems should remain under engineering oversight."</p> <p>Bass described a similar approach. Her company uses structured categories to determine what level of oversight is required for different types of development work. "We've formalized this into green, amber and red categories," Bass said, adding that more people can contribute to building software, but the rules for what can be released still stay the same. The company has also introduced formal programs that pair nontechnical employees with engineers, while limiting what systems they can access and establishing clear guardrails around what they can build.</p> <p>Many enterprises are also establishing <a href="https://www.techtarget.com/whatis/definition/center-of-excellence-CoE">centers of excellence</a> that bring together IT, security and business stakeholders to support citizen developers, review higher-risk applications and define standards.</p> <p>These structures also reflect a broader change in how IT functions within the organization. More broadly, IT is shifting from gatekeeper to enabler -- building secure foundations, enforcing guardrails and maintaining visibility across distributed development environments.</p> </section> <section class="section main-article-chapter" data-menu-title="The shift to distributed development models"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The shift to distributed development models</h2> <p>Citizen development is also reshaping longstanding assumptions about <a href="https://www.techtarget.com/searchenterpriseai/tip/LLM-build-vs-buy-A-decision-framework-for-LLM-adoption">build-versus-buy decisions</a>. In some cases, internally built tools are beginning to outperform SaaS offerings for highly specific workflows such as reporting dashboards, approval systems and internal automation tools.</p> <p>This isn't necessarily because internally built tools are more advanced, but because they are designed with a deeper understanding of the exact workflows they support and can be iterated on directly by the teams using them.</p> <p>As Bass noted, this shift also changes how organizations innovate in practice. "When non-engineers can adjust flows and experiences directly, you can avoid buying point solutions and run more experiments in-product," she said.</p> <p>This reflects a broader shift toward distributed development, where software creation is no longer centralized within IT but spread across the organization. In this model, IT's role does not disappear but evolves. Rather than owning and building all applications, IT teams increasingly focus on infrastructure, security, architecture, platform engineering and governance, while day-to-day development moves closer to the business.</p> <p>At the same time, Kunkel noted that SaaS itself might evolve in response. Some categories of standardized software could be partly replaced by internal AI-driven tools, especially for narrow, specific use cases. He added that SaaS providers that succeed will likely be those that build AI deeply into their products and offer more flexible platforms.</p> </section> <section class="section main-article-chapter" data-menu-title="Balancing speed, autonomy and control"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Balancing speed, autonomy and control</h2> <p>While citizen development helps build tools closer to business needs, it also brings challenges around governance, autonomy and control. For CIOs, the challenge is not to stop this shift but to manage it effectively.</p> <p>Huang emphasized the importance of clarity and communication in doing so. "A key part of the role is translating complex technical risks into simple, understandable language for executives."</p> <p>This need for clarity is becoming more urgent as organizations face pressure to accelerate delivery without compromising security or long-term system integrity.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A successful model strikes a balance between empowering employees and communicating the importance of protecting the organization. </figure> <figcaption> <strong>Matt Kunkel</strong>CEO and co-founder, LogicGate </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>As Kunkel explained, this requires treating governance not as a constraint, but as a design principle. "A successful model strikes a balance between empowering employees and communicating the importance of protecting the organization," he said.</p> <p>Increasingly, organizations that are succeeding with citizen development are intentionally designing for this balance rather than reacting to it. In practice, this means building operating models where speed and control are not competing priorities, but outcomes shaped by governance, tooling and clear guardrails from the start.</p> <p><i>Kinza Yasar is a technical writer for Informa TechTarget's AI and Emerging Tech group and has a background in computer networking.</i></p> </section> Generative AI is enabling nontechnical business users to build enterprise software, accelerating innovation while creating new risks around governance, security and control. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a279596285.jpg https://www.techtarget.com/searchenterpriseai/tip/Citizen-developers-are-redefining-enterprise-AI-development Fri, 17 Apr 2026 11:41:00 GMT Citizen developers are redefining enterprise AI development <p>While the labor market is in flux, companies must still use any advantage they can to find and hire the best candidates, and applicant tracking systems can help them succeed. Capabilities such as AI can potentially save recruiters time, and tools for text messaging candidates and asking current employees for referrals can help companies improve their recruiting efforts.</p> <p>Some vendors offer standalone ATSes, while some HR software vendors include an <a href="https://www.techtarget.com/searchhrsoftware/definition/applicant-tracking-system-ATS">ATS</a> module as part of a larger offering. CHROs should learn as much as possible about each product so they can make an informed decision about <a href="https://www.techtarget.com/searchhrsoftware/tip/Steps-for-implementing-an-applicant-tracking-system">which ATS is right for their company</a>.</p> <section class="section main-article-chapter" data-menu-title="What are applicant tracking systems?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are applicant tracking systems?</h2> <p>An applicant tracking system is software for <a href="https://www.techtarget.com/searchhrsoftware/feature/7-talent-acquisition-and-recruitment-trends">managing the recruiting</a> and hiring process. ATS users have different functions available to them based on their role in the recruitment process. For example, a recruiter can use the ATS to post a job, review applications, communicate with candidates and offer the job to the top candidate. Candidates can use the ATS to review an organization's job openings and apply for the ones that match their education, skills and experience. Candidates might also use the ATS to communicate with hiring teams and sign offers of employment. Managers will typically review resumes and add notes based on their interactions with candidates.</p> <p>The market for applicant tracking systems is large, with some vendors focused on providing standalone ATSes and others including the ATS as part of a <a href="https://www.techtarget.com/searchhrsoftware/definition/talent-management">talent management</a> suite. Standalone systems often have greater depth of functionality, while suites provide a consistent look and feel across the ATS and other modules and keep all HR data in one system, which can reduce the need for rekeying data.</p> <p>Applicant tracking systems were originally developed to automate the many steps in the recruitment process. Modern ATSes provide additional features, such as advanced branding options, diversity and inclusion tools, and integration with complementary systems, such as background check services and human resource information system (<a href="https://www.techtarget.com/searchhrsoftware/definition/HRIS">HRIS</a>) applications. They may also offer CRM (candidate relationship management) functionality to help companies engage past and passive candidates.</p> <p><a href="https://www.techtarget.com/searchhrsoftware/tip/Tips-for-writing-an-RFP-for-an-ATS-with-template">Vendors increasingly offer</a> AI and machine learning capabilities for tasks such as reviewing resumes, writing job descriptions, identifying top candidates for open positions and communicating with candidates. Reporting and dashboards have also become increasingly sophisticated.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.theserverside.com/rms/onlineimages/applicant_tracking_system_functions-f.png"> <img data-src="https://www.theserverside.com/rms/onlineimages/applicant_tracking_system_functions-f_mobile.png" class="lazy" data-srcset="https://www.theserverside.com/rms/onlineimages/applicant_tracking_system_functions-f_mobile.png 960w,https://www.theserverside.com/rms/onlineimages/applicant_tracking_system_functions-f.png 1280w" alt="Graphic of the functions of an applicant tracking system." height="364" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>An ATS digitizes and often automates the main steps of the recruitment process and stores candidate data in a central location. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="16 of the top applicant tracking systems"> <h2 class="section-title"><i class="icon" data-icon="1"></i>16 of the top applicant tracking systems</h2> <p>The list below consists primarily of companies that focus on the ATS market, so vendors of HRISes and <a href="https://www.techtarget.com/searchhrsoftware/definition/human-capital-management-HCM">human capital management</a> suites that include an ATS module do not appear on this list, which is presented in alphabetical order. Vendors were chosen based on information from sources such as Capterra, G2 and Gartner, as well as vendor websites and the author's personal experience working with ATSes.</p> <h3>1. Avature</h3> <p>Avature was founded in 2005 by the co-founder of HotJobs.com, and the software first focused on engaging candidates and sourcing passive ones. Now Avature users can automate the hiring process and customize the system to meet their companies' unique needs.</p> <p>The software also includes functions for contingent workforce management, onboarding, performance management and succession planning, as well as a recruiting events management feature for planning, promoting and tracking the outcomes of recruiting events.</p> <h3>2. Breezy</h3> <p>Breezy has more than 17,000 clients in over 80 countries. The software enables users to communicate with candidates by text and email, and it offers templates for various HR and talent acquisition interactions.</p> <p>The system also integrates with diversity, equity and inclusion (<a href="https://www.techtarget.com/searchhrsoftware/definition/diversity-equity-and-inclusion-DEI">DEI</a>) job sites and offers features to help attract a diverse candidate base, including deleting information such as gender from job applications to help prevent bias. The vendor also offers an onboarding module to welcome new hires to the company.</p> <h3>3. ClearCompany</h3> <p>ClearCompany was founded in 2004 as HRM Direct, and its talent management suite includes an ATS, onboarding, background checks, performance management, learning management, employee engagement and compensation.</p> <p>The system supports video interviews and text messaging with candidates, and  offers English, French and Spanish candidate communication. ClearCompany makes it easy to brand offer letters, even if a company has multiple locations.</p> <p>The software also includes AI capabilities for processes such as writing job descriptions and composing emails.</p> <h3>4. Greenhouse</h3> <p>Greenhouse offers a mobile app , over 500 prebuilt integrations and an open API so the software can connect to a company's HRIS and other applications such as Slack and DocuSign.</p> <p>The software also includes reporting and dashboards to <a href="https://www.techtarget.com/searchhrsoftware/tip/Metrics-to-calculate-your-applicant-tracking-system-ROI">help track the recruitment process</a>, scorecards to attempt to avoid bias in interviews, access to more than 1,000 job boards and an onboarding module.</p> <h3>5. ICIMS</h3> <p>ICIMS' talent acquisition system includes <a href="https://www.techtarget.com/searchhrsoftware/feature/Challenges-of-AI-in-recruitment">AI capabilities for identifying potential candidates</a>  already in the database, interacting with candidates through a chatbot and providing insights across the platform. The system also includes other features that can help companies maintain a connection with internal and external talent, as well as onboarding capabilities.</p> <p>ICIMS also has a large number of partners that offer specialized services.</p> <h3>6. JazzHR</h3> <p>JazzHR is aimed at small businesses and has won awards for its offerings. It is owned by Employ Inc., which also offers other applicant tracking systems.</p> <p>The company's evaluation system can compare candidates and attempt to reduce bias in the hiring process using scorecards. The software also integrates with popular calendar applications for interview scheduling and supports an unlimited number of job listings and users, avoiding the need to pay additional fees if a company hires more recruiters.</p> <p>JazzHR also lets users request and receive referrals from employees' and recruiters' personal networks, track candidate progress and receive applications by text.</p> <h3>7. Jobvite</h3> <p>Jobvite's ATS lets users add extra functionality, including onboarding features for new hires, chatbots, CRM and video screening, among other additions. AI capabilities include searching the candidate database to identify and rank previous candidates, sending candidate messages and scheduling interviews with applicants.</p> <p>Recruiters can receive training and certification using the vendor's Jobvite Academy. Like JazzHR, Jobvite is owned by Employ Inc.</p> <h3>8. Lever</h3> <p>Lever is easy to use and maintain and includes built-in integrations with popular HR systems. Users can pull data from multiple Lever sources, such as a candidate profile or job offer, and push it to the company HRIS.</p> <p>The software also includes integrated candidate relationship management capabilities to help build long-term relationships with candidates who may be a fit for future positions as well as features that support DEI programs, such as evaluating whether the company is meeting its DEI goals. The software enables users to create multiple postings for one job, which could be helpful for companies that operate and hire in various locations.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.theserverside.com/rms/onlineimages/lever_dashboard.png"> <img data-src="https://www.theserverside.com/rms/onlineimages/lever_dashboard_mobile.png" class="lazy" data-srcset="https://www.theserverside.com/rms/onlineimages/lever_dashboard_mobile.png 960w,https://www.theserverside.com/rms/onlineimages/lever_dashboard.png 1280w" alt="Screen shot of Lever dashboard." height="479" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Lever can pull data from numerous sources into dashboards, like this one showing key hiring metrics. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>9. Manatal</h3> <p>Manatal uses AI to develop candidate profiles by mining data from social media and other sites and to offer recommendations about which candidates are the best fit for open jobs.</p> <p>The progressive web app design lets users access the software on any device, and Manatal is transparent about the system's performance uptime, providing a link on its homepage to a log of software issues, resolutions and improvements.</p> <h3>10. Pinpoint</h3> <p>Pinpoint offers multilingual applicant tracking software that includes a built-in onboarding feature to help simplify the process of completing new-hire forms and processes. The system also includes preconfigured integrations with job boards and an employee referral feature.</p> <p>Users can add any agencies to the system that the company uses to help fill vacancies and can customize the system's requisition approval process.</p> <h3>11. Recruitee</h3> <p>Recruitee offers an ATS as well as onboarding tools, e-signature functionality and AI capabilities that can help automate manual recruiting processes. Recruitee supports WhatsApp as a communication tool for the hiring process, which is unusual. Candidates can apply using WhatsApp and use it to chat with recruiters.</p> <p>Recruitee was formed by combining the companies KiwiHR, Javelo and Recruitee.</p> <h3>12. SeekOut</h3> <p>SeekOut was founded in 2016 by former Microsoft executives and engineers. The software uses AI to mine publicly available content on social media and other sources to help recruiters find passive candidates and build internal and external candidate profiles. The AI engine also matches internal and external candidates to open positions.</p> <p>SeekOut also includes tools to help companies meet their diversity recruiting goals, including the ability to analyze representation among candidates. The system's detailed employee profiles can foster employee development and support internal mobility programs.</p> <h3>13. SmartRecruiters</h3> <p>SmartRecruiters was acquired by SAP SE in 2025, and SAP says the software will be integrated into SAP SuccessFactors but remain available as a standalone ATS as well. The ATS can automate the full talent acquisition process, including <a href="https://www.techtarget.com/searchhrsoftware/definition/recruitment-marketing">recruitment marketing</a>, offer management, onboarding and compliance. The software also offers interview scheduling capabilities and interview scorecards to attempt to avoid bias.</p> <p>SmartRecruiters' AI can carry out resume screening, and a chatbot can communicate through text and WhatsApp. A central inbox captures all candidate communication, regardless of the communication method.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.theserverside.com/rms/onlineimages/smart_recruiters_screenshot.jpg"> <img data-src="https://www.theserverside.com/rms/onlineimages/smart_recruiters_screenshot_mobile.jpg" class="lazy" data-srcset="https://www.theserverside.com/rms/onlineimages/smart_recruiters_screenshot_mobile.jpg 960w,https://www.theserverside.com/rms/onlineimages/smart_recruiters_screenshot.jpg 1280w" alt="SmartRecruiters Discovery screen shot." height="315" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>SmartRecruiters Discovery scans candidate databases and talent communities to suggest strong candidates. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>14. Taleo</h3> <p>Founded in 1996 and acquired by Oracle in 2012, Taleo possesses one of the largest client bases in the talent acquisition industry.</p> <p>Taleo's ATS offers a wide range of configuration options and integrations with third-party vendors. The software uses AI to parse resumes and award points based on keywords. The software can also assign more points to certain words if necessary.</p> <h3>15. Trakstar</h3> <p>Trakstar is owned by Mitratech, and the vendor's website claims Trakstar has over 3,000 customers. Its talent management suite includes an ATS as well as performance management, learning and workforce analytics modules.</p> <p>The ATS, Trakstar Hire, can post open positions in multiple locations simultaneously, and the software can parse a candidate's email and accompanying resume to automatically create a candidate profile. Users can add a talent sourcing partner to the ATS, so all recruiting takes place in one system.</p> <h3>16. VidCruiter</h3> <p>VidCruiter's end-to-end interview platform makes it easy to incorporate video into the hiring process, including videos of candidates answering prescreening questions.</p> <p>Candidates can also use the platform to take online skill tests, with or without a proctor. If candidates complete skills assessments without a live proctor, the software can limit and track candidates' actions. For example, VidCruiter can prevent candidates from pasting in answers and track instances of a candidate switching tabs or applications. It also has a tool for checking whether a candidate is a deepfake.</p> <p>The platform can help plan virtual events and automate the reference-checking process.</p> <p><i>Eric St-Jean is an independent consultant with a particular focus on HR technology, project management and Microsoft Excel training and automation. He writes about numerous business and technology areas.</i></p> </section> Modern ATSes provide features, such as advanced branding options, diversity and inclusion tools, and integration with complementary systems. Learn the top products. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1205300933.jpg https://www.techtarget.com/searchhrsoftware/tip/Top-16-applicant-tracking-systems Fri, 17 Apr 2026 11:30:00 GMT 16 top applicant tracking systems for 2026 <p>A busy week with research being shared, partner programmes launched and financial updates on how businesses have been faring.</p> <section class="section main-article-chapter" data-menu-title="Kaseya"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Kaseya</h2> <p>The managed service specialist has released its 2026 <em>State of the MSP report</em>, with the headline finding that AI has become both a tool for the channel as well as their customers. Demand for managed services is continuing but growth is harder to achieve, with the bulk of those quizzed in the report indicating that gaining fresh customers was a challenge. Deal sizes are also declining, which is making life harder.</p> <p>“The MSP market is maturing, and rising competition is forcing providers to rethink how they grow,” said Dan Tomaszewski, executive vice-president of channel at <a href="https://www.kaseya.com/">Kaseya</a>. “The strongest MSPs are tightening their operations, prioritising efficiency and using data to clearly prove their value to customers.”</p> </section> <section class="section main-article-chapter" data-menu-title="Azul"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Azul</h2> <p>The enterprise Java player shared an update on the progress it has been making on the channel front in FY26, with 50% of business going through channel and alliance partners using Azul’s PartnerConnect programme.</p> <p>“FY26 was a defining year for Azul as enterprises increasingly relied on our platform to run Java with greater performance, predictability and cost control in complex, cloud-first environments,” said Scott Sellers, co-founder and CEO of <a href="https://www.azul.com/">Azul</a>.</p> <p>“Our momentum reflects strong customer adoption, rapid innovation across our product portfolio and exceptional execution in our go-to-market strategy that positions Azul for continued strong growth and leadership as global enterprises demand best-in-class Java solutions.” </p> </section> <section class="section main-article-chapter" data-menu-title="PFU"> <h2 class="section-title"><i class="icon" data-icon="1"></i>PFU</h2> <p>The Ricoh company and document imaging specialist has launched its PaperStream Solution Partner Programme across EMEA. The offering will encourage partners to take bundled propositions, including scanning hardware, capture software and integrated workflow capabilities out to customers. The option will be available to partners already enrolled in PFUE’s Imaging Channel Programme (ICP).</p> <p>Christophe Laurence, EMEA business development director <a href="https://www.pfu.ricoh.com/global/">PFU</a> (EMEA), said: “Channel partners are under increasing pressure to protect margins and demonstrate value beyond hardware. The PaperStream solution partner programme gives them a clear framework to do exactly that – combining best-in-class scanning, powerful capture software and integrated workflow solutions into offerings that solve real business challenges. Crucially, it also supports partners in building more predictable, recurring revenue streams, while strengthening their role as trusted advisors to customers.” </p> </section> <section class="section main-article-chapter" data-menu-title="Gartner"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Gartner</h2> <p>The analyst house released its analysis of the Q1 global PC market, which revealed that worldwide PC shipments reached 62.8 million, which represented a 4% increase when compared to the same period last year.</p> <p>“The 4% year-over-year PC shipment growth in the first quarter of 2026 was artificially inflated,” said Rishi Padhi, research principal at <a href="https://www.gartner.com/en">Gartner</a>. “It was not due to genuine demand, but instead because of vendors’ and channel distributors’ increase of inventory levels ahead of expected price hikes in the second quarter of 2026 driven by rapidly rising memory price inflation (memflation), as well as Dram and Nand flash component costs. This is especially true for lower-margin products.”</p> </section> <section class="section main-article-chapter" data-menu-title="10ZiG Technology"> <h2 class="section-title"><i class="icon" data-icon="1"></i>10ZiG Technology</h2> <p>The thin client specialist has cut the ribbon on its Ready technology partner programme. The expanded offering has been designed to encourage more linking of solutions across the end user computing stack. Partners joining the programme get access to validated offerings that support a portfolio of services, including virtual desktop, security and monitoring tools.</p> <p>“Customers are looking for solutions that work together without added integration effort,” said Tom Dodds, global strategic alliances manager at <a href="https://www.10zig.com/">10ZiG Technology</a>. “The expansion of 10ZiG Ready reflects a practical approach to building an ecosystem where partners can align around common use cases, and customers can deploy with fewer variables and more predictable results.” </p> </section> <section class="section main-article-chapter" data-menu-title="Veeam Software"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Veeam Software</h2> <p>The vendor has shared the findings from its <i>Data trust and resilience report 2026</i>, which has identified a gap between how confident customers are around resilience and their ability to recover after an incident.</p> <p>“Confidence in recovery from a ransomware attack is high, but the data tells a different story – and AI is only widening that gap,” said Anand Eswaran, CEO at <a href="https://www.veeam.com/">Veeam</a>. “Even the most sophisticated organisations are discovering that confidence in recovery and proof of recovery are fundamentally different capabilities.</p> <p>“Data resilience is still the hard requirement: knowing what data you have, where it lives, who can access it and proving you can restore clean, trusted data fast when attackers – or operational failures – put the business under pressure.</p> <p>“The infrastructure for deploying AI has rapidly outpaced the ability to secure it. Organisations need end-to-end capabilities to understand, secure, protect, govern and ensure their data is resilient at machine speed.” </p> </section> <section class="section main-article-chapter" data-menu-title="Medallia"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Medallia</h2> <p>The customer and employee experience player has launched a services partner programme to increase the support it can provide to those that work with the vendor. The tiered programme will provide a progressions roadmap to partners, as well as increased resources.</p> <p>“Medallia’s partners are central to both our long-term growth strategy and the value we deliver to our customers every day,” said Sid Banerjee, chief strategy officer at <a href="https://www.medallia.com/">Medallia</a>. “With our enhanced leadership, expanded summit programmes, and the new services partner programme, we are strengthening our commitment to provide partners with the visibility, support and opportunities they need to thrive and continue driving strong business outcomes for our customers around the world.”</p> </section> Developments of note this week from Kaseya, Azul, PFU, Gartner, 10ZiG Technology, Veeam Software and Medallia https://cdn.ttgtmedia.com/visuals/German/article/data-manuscript-stack-paper-adobe.jpg https://www.computerweekly.com/microscope/news/366641491/Channel-catch-up-News-in-brief Fri, 17 Apr 2026 11:23:00 GMT Channel catch-up: News in brief <p>Zach Judge-Raza, a London-based legal director at law firm ZwillGen, counsels clients on both domestic and cross-border matters involving privacy, data protection, and other emerging technology and data-related legal issues. An experienced litigator, he has represented clients before the Investigatory Powers Tribunal and the UK High Court.</p> Zach Judge-Raza, a London-based legal director at law firm ZwillGen, counsels clients on both domestic and cross-border matters involving privacy, data protection, and other emerging technology and data-related legal issues. An experienced litigator, he has represented clients before the Investigatory Powers Tribunal and the UK High Court. https://www.techtarget.com/contributor/Zach-Judge-Raza Fri, 17 Apr 2026 11:01:00 GMT Zach Judge-Raza <p>SALT LAKE CITY, Utah -- Now is the time for enterprises to be focused on not merely planning AI strategies but having success putting agents and other AI tools into production.</p> <p>That was one of the messages delivered by a group of data industry experts during a breakout session at Domopalooza, the recent annual user conference held by <a href="https://www.techtarget.com/searchbusinessanalytics/news/366640792/Domo-doubles-down-on-AI-with-latest-platform-additions">data and analytics vendor Domo</a>.</p> <p>Moderated by Domo chief design officer and futurist <a href="https://www.techtarget.com/searchbusinessanalytics/feature/As-AI-advances-Domo-is-evolving-to-meet-customer-needs">Chris Willis</a>, the panel of BARC U.S. analyst Kevin Petrie, Dresner Advisory Services analyst Chris Von Simpson and InformationWeek journalist Myles Suer discussed the importance of AI in the enterprise and how to have success developing AI applications.</p> <p>"The winners are going to be the ones that can make this happen faster," Suer said.</p> <p>It's been three-and-a-half years since OpenAI's November 2022 launch of ChatGPT marked significant improvement in generative AI technology and spurred enterprises to significantly <a target="_blank" href="https://www.gartner.com/en/newsroom/press-releases/2026-1-15-gartner-says-worldwide-ai-spending-will-total-2-point-5-trillion-dollars-in-2026" rel="noopener">increase their investments</a> in AI development. In that time, to help customers have success building AI tools, many data management and analytics vendors have created environments within their platforms designed to simplify developing AI tools informed by proprietary data so that the tools understand the unique characteristics of their organization.</p> <p>However, despite the effort and attention paid to AI development, the overwhelming majority of AI initiatives <a target="_blank" href="https://mlq.ai/media/quarterly_decks/v0.1_State_of_AI_in_Business_2025_Report.pdf" rel="noopener">fail before making it into production</a> and enterprises are seeing no returns on their investments in AI.</p> <p>"We've created incredible new capabilities that apply to the bulk of knowledge worker activities, but if you look at history, there are many cases where a disruptive technology arrives, but it takes decades to figure out how to put it to work," Petrie said, noting that U.S. productivity statistics have not yet been affected by AI. "We have work to do to really figure out how to put this massive technology to work."</p> <p>Disorganized data that makes it difficult to discover and operationalize the relevant data that AI tools need for <a href="https://www.techtarget.com/searchenterpriseai/tip/Exploring-the-context-layer-for-AI-systems">proper context</a> and poor <a href="https://www.techtarget.com/searchdatamanagement/news/366629129/Modern-architecture-high-quality-data-key-to-AI-development">data quality</a> are among the myriad problems enterprises encounter when developing AI tools. There are, however, ways to overcome the barriers to success when attempting to develop AI, according to the experts.</p> <section class="section main-article-chapter" data-menu-title="The importance of AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The importance of AI</h2> <p>Enterprises need to experiment with AI development and soon have success deploying AI tools because of their transformative potential.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> We've created incredible new capabilities that apply to the bulk of knowledge worker activities, but … we have work to do to really figure out how to put this massive technology to work. </figure> <figcaption> <strong>Kevin Petrie</strong>Analyst, BARC U.S. </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Applications such as chatbots and agents can improve decision-making by drastically simplifying the <a href="https://www.techtarget.com/searchbusinessanalytics/news/365530077/BI-adoption-poised-to-break-through-barrier-finally">previously complex process</a> of exploring and analyzing data, both boosting the overall knowledge of workers as well as improving the quality of major strategic decisions. In addition, AI tools can improve operational efficiency by automating repetitive business processes and performing previously manual tasks, so employees can spend their time doing more meaningful work and  businesses can scale operations without having to add more staff.</p> <p>AI tools can even do much of the work required to prepare the data that gives them their own intelligence, such as checking the quality of data used for AI initiatives and <a href="https://www.techtarget.com/searchbusinessanalytics/feature/Talend-CEO-discusses-importance-of-mining-relevant-data">retrieving the relevant data</a> for agents to autonomously perform specific work, such as detecting fraud, optimizing supply chains and personalizing outreach.</p> <p>"AI can help you speed up data management," Petrie said. "AI can help with data quality, with metadata generation, documentation, preparation, integration and so forth. But you need people in control. … Probabilistic models can't get it right all the time, so the task is to figure out how to have humans deal with that ambiguity."</p> <p>In addition, enterprises need to be putting AI tools that perform as intended into production because  competitors are likely doing so, and those that have success putting AI tools into production can <a href="https://business.fiu.edu/academics/graduate/insights/posts/competitive-advantage-of-using-ai-in-business.html">derive significant competitive advantages</a> over those that don't properly value AI's potential.</p> <p>"Your competitors are moving, so you need to start experimenting," von Simson said. "It's not so much about getting ahead, but it's about thriving, whatever that means for your organization -- you are building a concrete sense of value generation for your activities, and that will pay for your budget for AI and your continued experimentation."</p> <p>AI, when organizations have success building and deploying applications, is so potentially transformative that its effect is compared to that of electricity, the telephone and the internet.</p> <p>No business could compete without such technologies. And in a short amount of time, no business will be able to compete without AI being a ubiquitous <a href="https://www.techtarget.com/searchenterpriseai/feature/Is-your-business-ready-for-an-agentic-AI-team">part of their operations</a>.</p> <p>"[CIOs are saying] that this is moving so fast and they need to be on top of it and understand it even better than they do," Suer said. "They are convinced that this is probably one of the biggest changes that they've ever been involved with."</p> </section> <section class="section main-article-chapter" data-menu-title="Best practices"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Best practices</h2> <p>While AI is viewed as a transformative technology, its benefits remain merely potential for most organizations rather than reality.</p> <p>Despite the ongoing lull as organizations struggle to develop agents and other AI tools that deliver relevant, accurate outputs at an acceptable level, the panelists noted that there are <a href="https://www.techtarget.com/searchenterpriseai/tip/A-technical-guide-to-agentic-AI-workflows">logical steps</a> that can improve the likelihood of success.</p> <p>While myriad problems contribute to the high failure rate of AI initiatives, problems with the underlying data used to inform AI applications are prominent among them. Disorganized data, data that's isolated in disparate systems and can't be integrated, and <a href="https://www.techtarget.com/searchbusinessanalytics/feature/GenAI-demands-greater-emphasis-on-data-quality">poor data quality</a> are common barriers.</p> <p>Therefore, making sure data is properly prepared for AI is critical for enterprises to increase the success rate of their development initiatives, according to Petrie, who noted that Jonas Prising, the CEO of ManpowerGroup, recently emphasized the importance of a modern <a href="https://www.techtarget.com/searchstorage/opinion/IT-leaders-face-data-infrastructure-gaps-as-AI-workloads-grow">data infrastructure</a> when discussing AI development with <i>The Wall Street Journal</i>.</p> <p>"He talked about the need for a strong data foundation and … helping what is the number one obstacle to AI success, and that's data quality," Petrie said.</p> <p>In addition, BARC research found that organizations with executive-level involvement in ensuring data quality have more success building AI tools than those that don't, he continued.</p> <p>"It definitely makes sense for executives to show a level of proficiency with data and data quality to make sure that you have clean inputs," Petrie said. "Those folks make stronger inroads faster and … get more into production faster. They started with a strong base for the whole company."</p> <p>Another path toward success with AI is to <a href="https://www.techtarget.com/searchcio/feature/Failure-is-an-option-as-an-IT-leadership-tool">keep experimenting</a> -- even before data is completely AI ready -- and accept that failure is part of the development process, according to von Simson.</p> <p>"It takes time and money to [prepare data], and you're not going to have time to complete that exercise before you're out of time," he said. "So, you must experiment. You must try, fail fast, and learn faster. You have to start with where you're at now and what you can try this week, next week and so forth."</p> <p>In addition, alignment between an AI initiative and the enterprise's overall business goals is beneficial, von Simson continued.</p> <p>"Be strategic," he said. "Do things that are core to the value of your business. That's your guiding light. You try things out and hope they work, and if they don't, you move on. But like startups, you have to try and fail before you succeed. It's the human condition."</p> <p>Modest <a href="https://www.techtarget.com/searchcio/feature/Beating-AI-fatigue-Quick-wins-for-CIOs">initial goals</a> are also important when trying to move AI projects into production, according to Willis.</p> <p>When an organization attempts to overhaul major business processes as an initial foray into AI development, initiatives are destined to fail. But when an organization tries to build <a href="https://www.techtarget.com/searchdatamanagement/feature/Snowflakes-AI-capabilities-fueling-music-data-specialist">an AI tool with a very specific intent</a>, the likelihood of success increases. That, in turn, builds momentum for additional projects.</p> <p>"You have to act responsibly and with purpose when trying to do these kinds of things," Willis said. "Those quick wins, the ones that are less risky than the bigger moonshots, are addictive."</p> <p>Finally, having a <a href="https://www.techtarget.com/searchcio/definition/CIO">CIO</a> with a foundation in AI and an understanding of models and what they can do is beneficial, according to Suer. In addition, the CIO needs to comprehend the business so that initiatives are designed to address business problems, and the CEO needs to be brought into the planning process rather than be an outside observer.</p> <p>"It is what it has been -- people, process and technology," Suer said.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.theserverside.com/rms/onlineimages/domopalooza_panel_discussion-f.jpg"> <img data-src="https://www.theserverside.com/rms/onlineimages/domopalooza_panel_discussion-f_mobile.jpg" class="lazy" data-srcset="https://www.theserverside.com/rms/onlineimages/domopalooza_panel_discussion-f_mobile.jpg 960w,https://www.theserverside.com/rms/onlineimages/domopalooza_panel_discussion-f.jpg 1280w" alt="Domo chief design officer and futurist Chris Willis (left), InformationWeek journalist Myles Suer (second from left), BARC U.S. analyst Kevin Petrie (second from right) and Dresner Advisory Services analyst Chris von Simson discuss AI development during a breakout session at Domo's annual user conference." data-credit="Eric Avidon/Informa TechTarget" height="370" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Domo chief design officer and futurist Chris Willis (left) moderates a panel discussion on AI development during Domo's annual user conference. Panelists include InformationWeek journalist Myles Suer (second from left), BARC U.S. analyst Kevin Petrie (second from right) and Dresner Advisory Services analyst Chris von Simson. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Concern as a constraint"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Concern as a constraint</h2> <p>Although poor data preparation for AI is perhaps the biggest problem preventing organizations from building production-ready AI tools, there are others as well.</p> <p>In particular, risk -- whether it's exposing proprietary data, misusing sensitive data, <a href="https://www.techtarget.com/searchenterpriseai/tip/Global-AI-legislation-and-regulation-tracker">violating regulations,</a> or <a href="https://www.techtarget.com/searchenterpriseai/tip/Why-does-AI-hallucinate-and-can-we-prevent-it">AI hallucinations</a> that lead to mistakes or humiliation -- remains a concern for many CIOs, according to Suer.</p> <p>"They are worried about risk and how to contain that risk," he said. "I think that keeps them awake at night."</p> <p>Deploying AI tools to inform decisions and execute certain operations represents turning a company over to technology, Suer continued. He noted that organizations were forced to rely on technology more than ever before <a href="https://www.techtarget.com/searchbusinessanalytics/news/252487544/Importance-of-analytics-heightened-by-COVID-19-pandemic">during the COVID-19 pandemic</a>. Empowering agents and other AI tools to make decisions and operate autonomously represents a new level.</p> <p>"That's what they're worried about, missing something that could completely disrupt a business and make it irrelevant," Suer said.</p> <p>Systems integration -- or lack thereof -- and lack of people skills to ask the right questions of AI tools and evaluate AI-generated insights are other concerns preventing success with AI, according to Petrie.</p> <p>"People are probably the hardest element to manage, and making sure that you're giving people the appropriate bridge to help them succeed is critical," he said.</p> <p>Whether concerns are legitimate or not, enterprises need to get past them and, if they haven't already, begin <a href="https://www.techtarget.com/searcherp/feature/5-conditions-for-durable-enterprise-AI">experimenting with AI</a> so they can learn what works for their organization and what doesn't, according to von Simson.</p> <p>"You can't take … long," he said. "You have to try something that's really short, just as a test, and if the test works, then keep going. If it doesn't work, you have to re-think. But failing fast is really important because you only learn through failure. Success is the reward at the end."</p> <p><i>Eric Avidon is a senior news writer for Informa TechTarget and a journalist with more than three decades of experience. He covers analytics and data management.</i></p> </section> Despite many organizations struggling to realize value from their development initiatives, best practices can help, according to industry experts at Domo's annual user conference. https://cdn.ttgtmedia.com/rms/onlineimages/code_g1289411982.jpg https://www.techtarget.com/searchdatamanagement/feature/Data-quality-fast-failures-and-quick-wins-key-to-AI-success Fri, 17 Apr 2026 10:18:00 GMT Data quality, fast failures and quick wins key to AI success <p>Physical AI systems offer an unprecedented level of machine autonomy that can benefit multiple sectors, such as heavy industry, manufacturing, energy retail, transportation and healthcare. However, adoption headwinds are significant and can become an obstacle to wider implementation.</p> <p>According to Deloitte's 2026 "State of AI in the Enterprise" report, in a <a target="_blank" href="https://www.deloitte.com/content/dam/assets-zone3/us/en/docs/services/consulting/2026/state-of-ai-2026.pdf" rel="noopener">survey</a> of 3,235 business and IT leaders, 58% said they're already using physical AI and 80% expect to begin using it within two years. Industrial and retail warehouses are increasingly advanced and intelligent. Unmanned systems and routing engines are meeting exponential increases in supply-chain demands. AI-driven robotic arms and autonomous mobile robots are selecting, assembling and transporting a variety of items while reducing accidents and improving operational efficiency. To realize the benefits of these deployments, businesses must adopt complex IT systems that incorporate digital sensors, machine vision, edge computing, cybersecurity and data analytics.</p> <p>Discover the infrastructure and costs necessary to deploy physical AI systems within the enterprise. Learn about physical AI infrastructure best practices and strategies for organizational adoption.</p> <section class="section main-article-chapter" data-menu-title="What physical AI systems can offer businesses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What physical AI systems can offer businesses</h2> <p>Using sensor data, physical AI models, sometimes called <a target="_blank" href="https://www.techtarget.com/searchenterpriseai/definition/embodied-AI" rel="noopener">embodied AI</a>, develop an understanding of their real-world environment. These models then use the data they collect to reason and interact with the environment to autonomously achieve an organization's goals.</p> <p>Physical AI use cases span a range of economic sectors. <a target="_blank" href="https://www.techtarget.com/searcherp/feature/Challenges-for-manufacturings-digital-shift-in-2025" rel="noopener">In manufacturing</a>, physical AI can detect anomalies early in production, reduce defect rates and identify emerging issues before they escalate. These embodied systems can use image analysis, video streams and sensor inputs to improve overall monitoring and outperform human inspections. In other high-risk industries, physical AI uses real-time visual and situational analysis to evaluate hazardous environments and reduce frontline worker exposure.</p> <p>While many sectors can benefit from the capabilities of physical AI, not every business is prepared to deploy this technology.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.theserverside.com/rms/onlineimages/types_of_robots-f.png"> <img data-src="https://www.theserverside.com/rms/onlineimages/types_of_robots-f_mobile.png" class="lazy" data-srcset="https://www.theserverside.com/rms/onlineimages/types_of_robots-f_mobile.png 960w,https://www.theserverside.com/rms/onlineimages/types_of_robots-f.png 1280w" alt="List of the different types of robots." data-credit="TechTarget" height="226" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Physical AI systems, like robots, come in many different forms and fulfill a variety of use cases. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="The costs and demands of physical AI systems"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The costs and demands of physical AI systems</h2> <p>In contrast to cloud-based, virtual AI deployments, like chatbots and generative and agentic AI, physical AI relies on a continuous stream of sensing, understanding, decision-making and event execution within real environments. These include remote devices, such as industrial IoT machines, robots and autonomous vehicles, that can perceive movement, interpret context, assess risk and take specific steps to achieve their goals.</p> <p>The following are the four primary stages involved in developing physical AI:</p> <ul class="default-list"> <li><b>The perception stage.</b> This is the integration of static remote devices, like cameras; light detection and ranging, or lidar; sensors; and computer vision.</li> <li><b>The adaptive reasoning stage.</b> The physical AI model draws conclusions from sensory and data inputs.</li> <li><b>The execution stage.</b> This stage bridges the gap between digital reasoning and edge devices' direct actions.</li> <li><b>The continuous learning stage.</b> Robots and physical devices use neural processing to automatically update and self-adjust actions based on new experiences without wholesale retraining.</li> </ul> <p>From perception to continuous learning, physical AI demands several things, the most critical being maintaining accurate data sources. Appropriate security measures are also necessary to safeguard hardware and device integrity at the edge. <a target="_blank" href="https://www.techtarget.com/searchenterpriseai/feature/Humans-and-AI-The-role-of-people-in-the-new-AI-world" rel="noopener">Human-in-the-loop controls</a> provide the human oversight that reinforces risk management and reliability. Edge technology integrates new levels of computational power and networking. GPUs and neural processing units further enable the parallel processing and real-time training simulations that physical AI models require. These data, security, edge computing and AI hardware costs can be substantial, despite the affordability of cloud services.</p> <p>According to the Deloitte report, business leaders cite cost as the key barrier to physical AI deployments. However, research indicates a gradual shift towards affordability. Bank of America Global Research <a target="_blank" href="https://institute.bankofamerica.com/content/dam/transformation/physical-ai-part-2.pdf" rel="noopener">predicted</a> that hardware costs for a humanoid robot will decrease from $35,000 in 2025 to about $17,000 by 2030.</p> <p>Polaris Market Research predicted that the global edge AI hardware market, valued at $21.86 in 2024, will grow at a compound annual growth rate of 17% during its 2024-34 <a target="_blank" href="https://www.polarismarketresearch.com/industry-analysis/edge-ai-hardware-market" rel="noopener">forecast</a> period. This would yield a market size of $107.5 billion USD by 2034. The demand driving this growth could result in a reduction in overall hardware costs.</p> <p>Power demands have also become a potential obstacle to widespread AI adoption, and the present operational costs of physical AI systems can compound these challenges. In addition to overall electricity consumption, some physical AI deployments require thermal management systems for certain use cases. And in other deployments, edge processors must manage highly variable power demands, switching from low-power idling to maximum compute in short bursts.</p> </section> <section class="section main-article-chapter" data-menu-title="Strategies for deploying physical AI systems"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Strategies for deploying physical AI systems</h2> <p>The fundamental advantage of physical AI is its fast adaptation and integration with existing IT systems. Data-centric architecture, APIs and edge deployments make deployments possible. Organizations can extend data center capabilities into an environment and ensure submillisecond processing for model inferencing and autonomous operations. Localized, static RAM can further reduce data movement. <a target="_blank" href="https://www.techtarget.com/searchenterpriseai/tip/Optimizing-hybrid-cloud-architecture-for-AI-workloads" rel="noopener">Hybrid cloud</a> edge architectures help process vast amounts of unstructured data. Mesh networking and software-defined WANs connect discrete edge environments, supporting the hybrid architecture.</p> <p>Wi-Fi 6/7 and Ethernet time-sensitive networking can deliver ultra-low latencies and reliable wireless communications necessary for autonomous robots in manufacturing and collision avoidance for driverless vehicles. Recent advances in 5G/6G enable the ingestion of massive amounts of real-time data from geographically widespread, dense sensor networks. These telecom radio access networks and 5G/6G base stations enable the kinds of massive interconnectivity that transform isolated physical AI initiatives into interactive, distributed compute platforms.</p> <p>Shifting compute from centralized data centers to edge environments and the embodied devices themselves can reduce energy consumption and data transmission costs. While it's true that the power intensity of some physical AI devices requires energy-intensive processing at the edge, the sustainability possibilities are also considerable. These include improved energy efficiency through autonomous, managed resources, and the prevalence of battery power and renewable energy to support on-device computing.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.theserverside.com/rms/onlineimages/cobots_at_a_glance-f.png"> <img data-src="https://www.theserverside.com/rms/onlineimages/cobots_at_a_glance-f_mobile.png" class="lazy" data-srcset="https://www.theserverside.com/rms/onlineimages/cobots_at_a_glance-f_mobile.png 960w,https://www.theserverside.com/rms/onlineimages/cobots_at_a_glance-f.png 1280w" alt="Lists of the various elements of cobots, or collaborative robots." data-credit="TechTarget" height="299" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Successful deployment of physical AI systems as coworkers, or cobots, relies on leadership buy-in and a clear strategy. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>With the infrastructure in place, businesses need to implement operational strategies for physical AI. A strategy that emphasizes incremental adoption and structured integration will prevent workflow disruptions and ensure that legacy IT equipment integrates seamlessly with physical AI sensors, machinery or autonomous devices. Early deployments should operate under close administrative supervision. Oversight should include mapping data flows, evaluating decision-making processes and identifying whether specific physical AI systems require additional sensors or connectivity to prevent processing and operational bottlenecks.</p> <p>IT leaders must also focus on organizational readiness and change management, assessing whether teams are prepared to process information from physical AI and to work alongside intelligent systems. Complete executive buy-in and clear communication help demonstrate how physical AI can support a workforce, add value and further enhance safety. Adoptions could benefit from controlled deployment pilots and gradual rollouts to ensure that physical AI performs reliably and meets expectations across a range of conditions.</p> <p><em>Kerry Doyle writes about technology for a variety of publications and platforms. His current focus is on issues relevant to IT and enterprise leaders across a range of topics, from nanotech and cloud to distributed services and AI.</em></p> </section> Physical AI systems are becoming a priority for companies because of their strategic and operational advantages. But businesses must contend with their infrastructure needs. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a205627811.jpg https://www.techtarget.com/searchenterpriseai/tip/Infrastructure-requirements-for-physical-AI-systems Fri, 17 Apr 2026 09:49:00 GMT Infrastructure requirements for physical AI systems <p>Anthropic will make its Mythos AI model preview available to UK banks as early as next week, giving them an opportunity to close the security holes it has exposed.</p> <p>Anthropic said Mythos has already found vulnerabilities in every single operating system and web browser.</p> <p>UK banks will join a select group of companies in the US that were given early access to the artificial intelligence (AI) model as part of Anthropic’s <a href="https://www.anthropic.com/glasswing">Project Glasswing</a>.</p> <p>In the project, it said Amazon Web Services (AWS), Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks will “use Mythos Preview as part of their defensive security work”.</p> <p>UK banks will be up next, according to Anthropic’s European boss, Pip White. <a href="https://www.bloomberg.com/news/videos/2026-04-16/anthropic-s-mythos-available-to-uk-banks-in-next-week-video">Speaking to Bloomberg</a>, she said the company will give UK banks access to Mythos as early as next week.</p> <p>“We’ve opened this out to a number of organisations, including Microsoft, AWS, some financial institutions, a very small cohort,” she told Bloomberg.</p> <p>“And essentially, Mythos has really showed us that there are a lot of very severe vulnerabilities right now.”</p> <section class="section main-article-chapter" data-menu-title="Vulnerabilities everywhere"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Vulnerabilities everywhere</h2> <p>White added that Mythos found vulnerabilities in every single operating system and in every single web browser. “We wanted to build this small cohort first, basically learn from what they found in a very contained and controlled manner,” she said. “But our intention is definitely to expand this out in a very intentional way.”</p> <p>UK financial services firms are yet to be involved, but this is about to change. “I think that is in the very near term, like in the next week,” said White.</p> <p>Mythos hit the headlines this week when <a href="https://www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model">UK banks were called in by regulators</a> as the model identified thousands of software vulnerabilities.</p> <p>The company announced Project Glasswing to enable organisations to develop defences against its misuse.</p> <p>Mythos’s ability to identify security flaws in software which have remained undetected for years, despite organisations such as banks constantly looking for them, is a warning of what AI in the wrong hands could do. </p> <p>White said Anthropic has been in contact with banking leaders this week. “As you would expect, the engagement that I’ve had from CEOs in the last week in the UK has been significant,” she said. “Customers firstly want to say that they appreciate our very thoughtful approach to the way in which we have released Mythos. But secondly, of course, they want to understand the opportunity to be considered to gain access to that model in a controlled way.</p> <p>“And so, we’ve been having a lot of conversations with CEOs about the reason why, firstly, we did Project Glasswing, and the way that we thought about that intentionally.”</p> </section> <section class="section main-article-chapter" data-menu-title="Badly needed"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Badly needed</h2> <p>In a blogpost, benchmarking firm <a href="https://evidentinsights.com/bankingbrief/much-ado-about-mythos">Evident, which tracks financial services AI adoption, wrote</a>: “Banks have gotten a head start testing <a target="_blank" href="https://url.us.m.mimecastprotect.com/s/GipKCERZP5fn0jwWXsgcoT7AyZT?domain=urldefense.com" rel="noopener">Mythos</a>, the new cyber security model from Anthropic it deemed too dangerous to release to the public. What the lenders that have access are finding so far shows just how badly they needed it.</p> <p>“This is hardly the first time a new model has rocked the enterprise, but top regulators didn’t haul bank executives in for emergency meetings when GPT-5 got released last summer,” said Evident in its blog post. “The fear with Mythos is it can turn anyone into the best hacker banks have ever seen – not just because it can sniff out weaknesses in decades-old software that have evaded human detection, but because it can generate the code that lets them exploit it automatically.”</p> <p>One IT professional in the banking sector said: “I think they have been given a chance to find and fix their own vulnerabilities before this technology gets in the hands of the bad guys. They have been given a window to clean up their shops ahead of wider release.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI risks in finance</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model">Banks called in by regulators as latest artificial intelligence model identifies thousands of software vulnerabilities</a>.</li> <li><a href="https://www.computerweekly.com/news/366641650/Finance-regulators-to-address-AI-risks-after-MPs-say-they-are-not-doing-enough">Finance regulators to address artificial intelligence risks after MPs say they are ‘not doing enough’</a>.</li> <li><a href="https://www.computerweekly.com/news/366639069/Artificial-intelligence-creeping-into-high-risk-stock-trading">Nearly three million people in the UK are using AI tools when making financial decisions, with a worrying increase in those using it to trade on the stock market</a>.</li> </ul> </div> </div> </section> Artificial intelligence supplier promises UK banks opportunity to review AI model, which has already revealed thousands of security flaws https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/City-of-London-istock.jpg https://www.computerweekly.com/news/366641763/Bank-cyber-teams-on-red-alert-as-Anthropic-promises-them-Mythos-next-week Fri, 17 Apr 2026 09:45:00 GMT Bank cyber teams on red alert as Anthropic promises them Mythos next week <p>Ask most businesses if they have enough customer data and the answer is almost always yes. The harder question is: Can they use the information? That answer is more uncomfortable.</p> <p>The problem is not information volume; it's fragmentation. The data is disjointed -- customer records in the CRM, web behavior in the analytics tool, support tickets in the service platform, email engagement in the marketing system. Each team has a piece of the puzzle, but nobody has the whole thing.</p> <p>This problem matters more than it seems. When customer service agents have no insights into recent marketing activity, they ask questions the customer has already answered. When marketing teams don't know a customer has an open complaint, they send a promotional email at the wrong time. These are not catastrophic failures, but they erode trust, waste effort and add frustration over time.</p> <p>Centralizing customer interaction data is one of the more effective ways to address this problem. Most organizations that centralize customer data effectively are using a <a href="https://www.techtarget.com/searchcustomerexperience/definition/customer-data-platform">customer data platform</a> (CDP) as the foundation.</p> <section class="section main-article-chapter" data-menu-title="What does a customer data platform do?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What does a customer data platform do?</h2> <p>A customer data platform ingests data from multiple source systems, such as CRM, web, mobile, service tools and transactional databases. From these systems, a CDP builds unified customer profiles. The key function is <a href="https://www.techtarget.com/searchcustomerexperience/definition/identity-resolution">identity resolution</a>, which entails linking a web visitor to an email subscription to a service contact and recognizing that individual as the same person across all those touchpoints.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A CDP is the connective tissue between systems that weren't designed to talk to each other. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Once that unified profile exists, it becomes the shared source of truth that other systems can draw from. Marketing platforms can pull accurate segments. Service tools can surface relevant history. Digital channels can enhance personalization based on actual behavior rather than guesswork.</p> <p>A CDP isn't a replacement for an existing <a href="https://www.techtarget.com/searchcustomerexperience/tip/Modern-CX-tech-stack-The-core-components-and-how-to-build-it">customer data tech stack</a>. It sits alongside it, acting as the connective tissue between systems that weren't designed to talk to each other.</p> </section> <section class="section main-article-chapter" data-menu-title="CDP benefits: Better customer insights"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CDP benefits: Better customer insights</h2> <p>In marketing, segmentation becomes more precise when organizations centralize customer interaction data. Instead of targeting based on demographic attributes, campaigns can be built around actual behavior, such as customers who browsed a product category three times but didn't buy, or those who haven't engaged in 90 days.</p> <p>Suppression becomes easier, too. For example, organizations could exclude customers with open complaints from a promotional campaign, but only if the data is connected.</p> <p>In customer service, agents get context they didn't have before. Knowing a customer just received a marketing email or recently made a large purchase, changes how a conversation should be handled. This also eases customers' frustration because they don't have to repeat themselves across communication channels.</p> </section> <section class="section main-article-chapter" data-menu-title="The challenges are mostly not technical"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The challenges are mostly not technical</h2> <p>Many CDP implementations run into trouble, but the platform itself rarely causes the problem. Let's examine a few of the challenges around centralizing customer interaction data.</p> <ul class="default-list"> <li><b>Data ownership </b>raises questions that nobody has had to answer before. Who owns the canonical customer record? What happens when the CRM and the service tool disagree on a customer's contact details? These are governance questions, and they need answers before any meaningful integration can happen.</li> <li><b>Identity resolution </b>is harder in practice than it sounds. Matching records on an email address alone is often insufficient. People use multiple addresses, share accounts or change their details over time. Effective resolution usually requires a combination of attributes and a <a href="https://www.techtarget.com/searchdatamanagement/tip/How-deterministic-and-probabilistic-matching-work">probabilistic matching strategy alongside deterministic rules</a>.</li> <li><b>Unclear outcomes </b>might be the most common problem of all. Organizations that start with "Let's centralize all our customer data" without defining what they'll do with it usually end up with an expensive, well-organized data store that nobody uses operationally.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Best practices in implementing CDPs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Best practices in implementing CDPs</h2> <p>Organizations that <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-choose-a-customer-data-platform">get value from CDP implementations</a> tend to take a narrower path. Starting with two or three specific use cases, rather than an enterprise-wide rollout, makes the project manageable and creates early evidence of value.</p> <p>Identity strategy needs to be agreed on early. Determine how customers will be matched across systems, what the canonical identifier will be and how conflicts between source records will be resolved. Getting this right at the start is far easier than fixing it after data has been ingested at scale.</p> <p>Data quality also needs an <a target="_blank" href="https://www.redpointglobal.com/blog/data-quality-and-role-of-cdp/" rel="noopener">honest assessment</a> before anything gets centralized. A CDP that consolidates poor-quality data from five systems doesn't improve the situation -- it makes it harder to spot where the problems are.</p> </section> <section class="section main-article-chapter" data-menu-title="A shared and reliable view of the customer"> <h2 class="section-title"><i class="icon" data-icon="1"></i>A shared and reliable view of the customer</h2> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The underlying goal is straightforward: Give teams a shared and reliable picture of the customer. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>A CDP doesn't solve problems that are fundamentally about people or process. Organizations that treat a CDP rollout as a technical project rather than a business change initiative usually end up with something that technically works but doesn't get used.</p> <p>The underlying goal is straightforward: Give teams a shared and reliable picture of the customer. Getting there, however, requires more groundwork than most organizations expect. But, when it works, the difference in how coherently a business engages with its customers is noticeable.</p> <p><i>Robert Peledie is an enterprise architect, solution architect and director of CRM consultancy 365Knowledge Ltd. He has several years of consulting experience in global organizations.</i></p> </section> Organizations often have reams of customer interaction data. But how do they centralize and unify this information? Well, a customer data platform helps. https://cdn.ttgtmedia.com/rms/onlineimages/telecommunications_g1247980427.jpg https://www.techtarget.com/searchcustomerexperience/tip/How-to-centralize-customer-interaction-data-in-one-platform Fri, 17 Apr 2026 09:00:00 GMT How to centralize customer interaction data in one platform TheServerSide.com 60 webmaster@techtarget.com