Quote for the day:
"Hardships often prepare ordinary people for an extraordinary destiny." -- C.S. Lewis
Introduction to Cloud Native Computing
In cloud native systems, security requires a different approach compared to
traditional architectures. In a distributed system, the old “castle and moat”
model of creating secure perimeter around vital systems, applications, APIs and
data is not feasible. In a cloud native architecture, the “castles” are
distributed across various environments — public and private cloud, on-prem —
and they may pop up and disappear in seconds. ... DevSecOps integrates security
practices within the DevOps process, ensuring that security is a shared
responsibility and is considered at every stage of the software development life
cycle. Implementing DevSecOps in a cloud native context helps organizations
maintain robust security postures while capitalizing on the agility and speed of
cloud native development. ... Cloud native applications often operate in dynamic
environments that are subject to rapid changes. By adopting the following
strategies and practices, cloud native applications can effectively scale in
response to user demands and environmental changes, ensuring high performance
and user satisfaction. ... By strategically adopting hybrid and multicloud
approaches and effectively managing their complexities, organizations can
significantly enhance their agility, resilience, and operational efficiency in
the cloud native landscape. While hybrid and multicloud strategies offer
benefits, they also introduce complexity in management. How a New CIO Can Fix the Mess Left by Their Predecessor
The new CIO should listen to IT teams, business stakeholders, and end-users to
uncover pain points and achieve quick wins that will build credibility, says
Antony Marceles, founder of Pumex, a software development and technology
integration company in an online interview. Whether to rebuild or repair depends
on the architecture's integrity. "Sometimes, patching legacy systems only delays
the inevitable, but in other cases smart triage can buy time for a thoughtful
transformation." ... Support can often come from unconventional corners, such as
high-performing team leads, finance partners, or external advisors, all of whom
may have experienced their own transitions, Marceles says. "The biggest mistake
is trying to fix everything at once or imposing top-down change without
context," he notes. "A new CIO needs to balance urgency with empathy,
understanding that cleaning up someone else’s mess is as much about culture
repair as it is about tech realignment." ... When you inherit a messy situation,
it's both a technical and leadership challenge, de Silva says. "The best thing
you can do is lead with transparency, make thoughtful decisions, and rebuild
confidence across the organization." People want to see steady hands and clear
thinking, he observes. "That goes a long way in these situations."
Every Business Is Becoming An AI Company. Here's How To Do It Right
“The extent to which we can use AI to augment the curious, driven and
collaborative tendencies of our teams, the more optimistic we can be about their
ability to develop new, unimagined innovations that open new streams of
revenue,” Aktar writes. Otherwise, executives may expect more from employees
without considering that new tech tools require training to use well, and
troubleshooting to maintain. Plus, automated production routinely requires human
intervention to protect quality. If executives merely expect teams to churn out
more work — seeing AI tools and services as a way to reduce headcount — the
result may be additional work and lower morale. “Workers report spending more
time reviewing AI-generated content and learning tool complexities than the time
these tools supposedly save,” writes Forbes contributor Luis Romero, the founder
of GenStorm AI. ... “What draws people in now isn’t just communication. It’s the
sense that someone notices effort before asking for output,” writes Forbes
contributor Vibhas Ratanjee, a Gallup researcher who specializes in leadership
development. “Most internal tools are built to save time. Fewer steps. Smoother
clicks. But frictionless doesn’t always mean thoughtful. When we remove human
pauses, we risk removing the parts that build connection.”Four Steps for Turning Data Clutter into Competitive Power: Your Sovereign AI and Data Blueprint
The ability to act on data in real-time isn’t just beneficial—it’s a necessity
in today’s fast-paced world. Accenture reports that companies able to leverage
real-time data are 2.5 times more likely to outperform competitors. Consider
Uber, which adjusts its pricing dynamically based on real-time factors like
demand, traffic, and weather conditions. This near-instant capability drives
business success by aligning offerings with evolving customer needs. Companies
stand a lot to gain by giving frontline employees the ability to make
informed, real-time decisions. But in order to do so, they need a near-instant
understanding of customer data. This means the data needs to flow seamlessly
across domains so that real-time models can provide timely information to help
workers make impactful decisions. ... The success of AI initiatives depends on
the ability to access, govern, and process at scale. Therefore, the success of
an enterprise’s AI initiatives hinges on its ability to access its data
anywhere, anytime—while maintaining compliance. These new demands require a
governance framework that operates across environments—from on-premise to
private and public clouds—while maintaining flexibility and compliance every
step of the way. Companies like Netflix, which handles billions of daily data
events, rely on sophisticated data architectures to support AI-driven
recommendations.Third-party risk management is broken — but not beyond repair
The consequences of this checkbox culture extend beyond ineffective risk
management and have led to “questionnaire fatigue” among vendors. In many
cases, security questionnaires are delivered as one-size-fits-all templates,
an approach that floods recipients with static, repetitive questions, many of
which aren’t relevant to their specific role or risk posture. Without
tailoring or context, these reviews become procedural exercises rather than
meaningful evaluations. The result is surface-level engagement, where
companies appear to conduct due diligence but in fact miss critical insights.
Risk profiles end up looking complete on paper while failing to capture the
real-world complexity of the threats they’re meant to address. ... To break
away from this harmful cycle, organizations must overhaul their approach to
TPRM from the ground up by adopting a truly risk-based approach that moves
beyond simple compliance. This requires developing targeted, substantive
security questionnaires that prioritize depth over breadth and get to the
heart of a vendor’s security practices. Rather than sending out blanket
questionnaires, organizations should create assessments that are specific,
relevant, and probing, asking questions that genuinely reveal the strengths
and weaknesses of a vendor’s cybersecurity posture. This emphasis on quality
over quantity in assessments allows organizations to move away from treating
TPRM as a paperwork exercise and back toward its original intent: effective
risk management.The rise of agentic AI and what it means for ANZ enterprise
Agentic AI has unique benefits, but it also presents unique risks, and as more organisations adopt agentic AI, they're discovering that robust data governance— the establishment of policies, roles, and technology to manage and safeguard an organization's data assets—is essential when it comes to ensuring that these systems function securely and effectively. ... Effective governance is on the rise because it helps address critical AI-related security and productivity issues like preventing data breaches and reducing AI-related errors. Without strong data governance measures, agents may inadvertently expose sensitive information or make flawed autonomous decisions. With strong data governance measures, organisations can proactively safeguard their data by implementing comprehensive governance policies and deploying technologies to monitor AI runtime environments. This not only enhances security but also ensures that agentic AI tools operate optimally, delivering significant value with minimal risk. ... To grapple with these and other AI-related challenges, Gartner now recommends that organisations apply its AI TRiSM (trust, risk, and security management) frameworks to their data environments. Data and information governance are a key part of this framework, along with AI governance and AI runtime inspection and enforcement technology.Choosing a Clear Direction in the Face of Growing Cybersecurity Demands
CISO’s must balance multiple priorities with many facing overwhelming
workloads, budget constraints, insufficient board-level support and
unreasonable demands. From a revenue perspective they must align cybersecurity
strategies with business goals, ensuring that security investments support
revenue generation and protect critical assets. They’re under pressure to
automate repetitive tasks, consolidating and streamlining processes while
minimizing downtime and disruption. And then there is AI and the potential
benefits it may bring to the security team and to the productivity of users.
But all the while remembering that with AI, we have put technology in the
hands of users, who have not traditionally been good with tech, because we’ve
made it easier and quicker than ever before. ... They need to choose one
key goal rather than trying to do everything. Do I want to “go faster” and
innovate? Or do I want to become a more efficient business and “do more” with
less Whichever they opt for, they also need to figure out all the different
tools to use to accomplish that goal. This is where cybersecurity automation
and AI comes into play. Using AI, machine learning, and automated tools to
detect, prevent, and respond to cyber threats without human intervention,
CISOs can streamline their security operations, reduce manual workload, and
improve response times to cyberattacks and, in effect, do more with less.Will AI replace humans at work? 4 ways it already has the edge
There are tasks that humans are perfectly good at but are not nearly as fast
as AI. One example is restoring or upscaling images: taking pixelated, noisy
or blurry images and making a crisper and higher-resolution version. Humans
are good at this; given the right digital tools and enough time, they can fill
in fine details. But they are too slow to efficiently process large images or
videos. AI models can do the job blazingly fast, a capability with important
industrial applications. ... AI will increasingly be used in tasks that humans
can do well in one place at a time, but that AI can do in millions of places
simultaneously. A familiar example is ad targeting and personalization. Human
marketers can collect data and predict what types of people will respond to
certain advertisements. This capability is important commercially; advertising
is a trillion-dollar market globally. AI models can do this for every single
product, TV show, website, and internet user. ... AI can be advantageous when
it does more things than any one person could, even when a human might do
better at any one of those tasks. Generative AI systems such as ChatGPT can
engage in conversation on any topic, write an essay espousing any position,
create poetry in any style and language, write computer code in any
programming language, and more. 8 steps to ensure data privacy compliance across borders
Given the conflicting and evolving nature of global privacy laws, a
one-size-fits-all approach is ineffective. Instead, companies should adopt a
baseline standard that can be applied globally. “We default to the strictest
applicable standard,” says Kory Fong, VP of engineering at Private AI in
Toronto. “Our baseline makes sure we can flexibly adapt to regional laws
without starting from scratch each time a regulation changes.” ... “It’s about
creating an environment where regulatory knowledge is baked into day-to-day
decision making,” he says. “We regularly monitor global policy developments
and involve our privacy experts early in the planning process so we’re
prepared, not just reactive.” Alex Spokoiny, CIO at Israel’s Check Point
Software Technologies, says to stay ahead of emerging regulations, his company
has moved away from rigid policies to a much more flexible, risk-aware
approach. “The key is staying close to what data we collect, where it flows,
and how it’s used so we can adjust quickly when new rules come up,” he says.
... Effective data privacy management requires a multidisciplinary approach,
involving IT, legal, compliance, and product teams. “Cross-functional
collaboration is built into our steering teams,” says Lexmark’s Willett. “Over
the years, we’ve fundamentally transformed our approach to data governance by
establishing the Enterprise Data Governance and Ethics community.”Leading without titles: The rise of influence-driven leadership
Leadership isn’t about being in charge—it’s about showing up when it matters,
listening when it's hardest, and holding space when others need it most. It’s
not about corner offices or formal titles—it’s about quiet strength, humility,
and the courage to uplift. The leaders who will shape the future are not
defined by their job descriptions, but by how they make others feel—especially
in moments of uncertainty. The associate who lifts a teammate’s spirits, the
manager who creates psychological safety, the engineer who ensures quieter
voices are heard—these are the ones redefining leadership through compassion,
not control. As Simon Sinek reminds us, "Leadership is not about being in
charge. It is about taking care of those in your charge." Real leadership
leaves people better than it found them. It inspires not by authority, but by
action. It earns loyalty not through power, but through presence. According to
Gartner (2024), 74% of employees are more likely to stay in organisations
where leadership is approachable, transparent, and grounded in shared
values—not status. Let’s recognise these leaders. Let’s build cultures that
reward empathy, connection, and quiet courage. Because true leadership makes
people feel seen—not small.
/articles/staff-plus-strategic-thinking/en/smallimage/thumbnail-1749200507294.jpg)
