Quote for the day:
"The best teachers are those who don't tell you how to get there but show the way." -- @Pilotspeaker
AI spending may slow down as ROI remains elusive
Some AI experts agree with Forrester that an AI market correction is on the way.
Microsoft founder Bill Gates recently talked about the existence of an AI
bubble, and industry observers have noted that some AI excitement is dimming.
Many don’t see an AI bubble that will burst in the near future, but it’s
deflating a bit. Still others don’t see much of a slowdown in the near term. ...
Some organizations are not achieving the accuracy they need from AI tools, and
others are not finding their data to be easily accessible or properly
structured, says Sam Ferrise, CTO of IT consulting firm Trinetix. “Many
organizations are realizing that their expectations for AI accuracy and
performance don’t always align with the level of investment they’re willing — or
able — to make,” he says. “The key is calibrating expectations relative to both
the investment and the use case.” In other cases, enterprises deploying AI are
running into privacy or security problems, he adds. “Many teams successfully
prove a use case with clear ROI, only to realize later that they must harden the
solution before it can safely move into production,” Ferrise says. “When that
alignment isn’t there, it’s natural for organizations to pause or delay spending
until they can justify the value.” The prospect of a bubble bursting may be an
overly dramatic scenario, although not impossible, he adds. It’s been easy for
organizations to overlook intangible costs such as training, compliance, and
governance.Why can’t enterprises get a handle on the cloud misconfiguration problem?
“Microsoft, Google, and Amazon have handed us a problem,” says Andrew Wilder,
CSO at Vetcor, a national network of more than 900 veterinary hospitals. “By
default, everything is insecure, and you have to put security on top of it. It
would be much better if they just gave us out-of-the-box secure stuff. Would you
buy a car that doesn’t have locks? They wouldn’t even sell that car.” This
security gap is what allows third-party vendors to exist, he says. “You should
be building products — and I’m talking to you, Google, Microsoft, and Amazon —
that are secure by design, so you don’t have to get a third-party tool. They
should be out of the box secure.” ... When administrators or users make changes
to cloud configurations in the cloud management consoles, it’s difficult to
track those changes and to revert them if something goes wrong. Plus, humans can
easily make mistakes. The solution experts advise is to adopt the principle of
“infrastructure as code” and use configuration management tools so that all
changes are checked against policies, tracked and audited, and can easily be
rolled back. ... Companies will often have monitoring for major cloud services,
but shadow IT deployments are left in the dark. This is less a technology
problem than a management one and can be addressed by better communications with
business units and a more disciplined approach to deploying technology on an
enterprise-wide level. The Supply Chain Blind Spot: Protecting Data in Expanding IT Ecosystems
Data growth is no longer linear, it is exponential. The rise of AI, automation,
and digital platforms has transformed how information is created, stored, and
shared. In India, this acceleration is particularly visible. The country’s data
centre industry has grown from 590 MW in 2019 to 1.4 GW in 2024, a 139% jump,
and is projected to reach 3 GW by 2030, driven by cloud adoption, AI demand, and
data localisation initiatives. This infrastructure boom, while positive, brings
new operational realities. Most enterprises now operate across hybrid
environments, combining on-premises, public cloud and SaaS-based data stores.
Without unified oversight, these fragmented environments risk becoming silos.
True resilience depends not just on protecting data but understanding where it
lives, how it moves, and who controls it. ... Globally, enterprises are
reframing resilience as a core business capability. This approach requires
integrating resilience principles into decision-making: from procurement and
architecture design to crisis response. Simulated attacks, failover testing and
dependency audits are becoming part of daily operational culture, not annual
exercises. For Indian organizations, this mindset shift is vital. RBI’s ICT risk
management directives and the DPDP Act establish the baseline; the
differentiator lies in how proactively organizations operationalize these
expectations. The power of low-tech in a high-tech world
Our high-tech society is impressive in the collective. But it robs individuals
of skills. Most kids now can’t write cursive. And they can’t read it, either.
They can’t read an analog clock or a paper map. The acceleration of
technological innovation also accelerates the rate at which we lose skills.
Videogames, smartphones, and dating apps — aided and abetted by the trauma of
the COVID-19 lockdowns a few years ago — have left many young people alone
without the skills to meet and connect with anyone, leading to a loneliness
epidemic among the young. But losing old-fashioned skills and old-school tech
knowledge is a choice we don’t have to make. ... Thousands of scientific reports
all lead us to the same conclusion: Over-reliance on advanced technologies dulls
critical thinking, weakens memory, reduces problem-solving skills, limits
creativity, erodes attention spans, and fosters passive dependence on automated
systems. ... What all these old-school approaches have in common is that they’re
harder and take longer — and they leave you smarter and better connected. In
other words, if you strategically cultivate the skills, habits, discipline and
practice of older tech, you’ll be much more successful in your career and your
life. And here’s one final point: The more high-tech our culture becomes, the
more impactful old-school tech will be. So yes, by all means become brilliantly
skilled at AI chatbot prompt engineering. Why Leaders Cannot Outsource Communication
When communication is delegated to a proxy, that signal weakens. Employees
notice the gap between what the leader says or doesn’t say, and what the
organization does. This is why communication has an outsized impact on
engagement. Gallup finds that 70% of the variance in employee engagement is
explained by managers and leaders, not perks or policies. When leaders own the
message, they create psychological safety: the sense that it’s safe to commit,
speak up and take risks. When they don’t, that safety erodes. ... Delegating
communication is tempting. Leaders are busy. They hire communications officers
and agencies to manage the message. These roles are valuable, but they can’t
substitute for the leader’s voice. A speechwriter can shape phrasing and a PR
team can guide timing, but only the leader can deliver authenticity. As Murphy
has written, “Leaders are accountable to employees: Candor about bad news as
well as the good, and feedback that aligns with expectations.” Authenticity
requires candor, even when the message is difficult. When communication comes
from anyone else, it’s interpreted as institutional rather than personal. And
people follow people, not institutions. ... The Operator Economy demands a new
kind of scale, one built not on capital or code, but on human alignment.
Communication is infrastructure. The CEO becomes the signal source around which
all systems calibrate. When leaders “scale themselves” through clarity and
consistency, they convert trust into throughput.
Breaking the Burnout Cycle: How Smart Automation and ASPM Can Restore Developer Joy
Smart automation can rescue developers from repetitive drudgery by using AI to handle routine tasks like test writing, bug fixing, and documentation. Modern application security posture management (ASPM) platforms exemplify this approach by providing contextualized risk assessments rather than overwhelming vulnerability dumps, helping security teams first understand which issues actually matter and then giving developers actionable info on the risk and how it should be fixed. These platforms excel at managing the volume and unpredictability of AI-generated code, turning what was once a blind spot into manageable, prioritized work. ... Technology alone isn't enough. Organizations must also prioritize developer growth by creating opportunities for experimentation, architectural decisions, and end-to-end project ownership while automation handles routine tasks. This means shifting from measuring output volume to focusing on meaningful metrics like code quality and developer satisfaction. AI represents an opportunity for developers to gain expertise in an emerging technology. ... The developer talent crisis is solvable. While AI has introduced new complexities to the software development and security landscape, it also presents unprecedented opportunities for organizations willing to rethink how they support their development teams.The CIO’s Role In Data Democracy: Empowering Teams Without Losing Control
The modern CIO is at a point where they can choose between innovation and
control. In the past, IT departments were thought of as people who took care of
infrastructure and enforced strict regulations about who could access data. The
CIO needs to reassess this way of doing things today. They shouldn’t prohibit
access; instead, they should make it safe by building frameworks. The job has
changed from saying “no” to making sure that when the company says “yes,” it
does it smartly. The CIO is now both an architect and a guardian. They create
systems that make data easy to get to, understand, and act on, all while keeping
security and compliance in mind. ... The CIO is no longer a gatekeeper; they are
instead a designer of trust. The goal is to make governance a part of systems
such that it is seamless, automatic, and easy to use. This change lets companies
keep an eye on things and stay in control without making decisions take longer.
Unified data taxonomies are the first step in building this framework. This
means that all departments use the same naming standards and definitions. When
everyone uses the same “data language,” there is less confusion and more
cooperation. ... Effective governance demands collaboration between IT,
compliance, and business leaders. The CIO must champion cross-functional
alignment where all parties share responsibility for data integrity and use.
What keeps phishing training from fading over time
Employees who want to be helpful or appear responsive can become easier targets
than those reacting to fear or haste. For CISOs, this reinforces the need to
teach users about manipulation through trust and cooperation, not just the
warning signs of urgent or threatening messages. ... Dubniczky said maintaining
employee engagement over time is a major challenge for most organizations. “In
contrast with other research in the area, a key contribution of ours was a
mandatory training after each failed phishing attack,” he explained. “This
strikes a good balance between not needlessly bothering careful employees with
monthly or quarterly trainings while making sure that the highest risk
individuals are constantly trained.” He recommended that organizations vary
their phishing simulations to keep users alert. “We’d recommend performing
monthly penetration tests on smaller groups of people in diverse departments of
the organization with a seemingly random pattern, and making re-training
mandatory in case of successful attacks,” he said. “It’s also difficult to
generalize on this, but this approach seems much more effective than periodic
presentation-style trainings.” ... One of the most striking findings involves
the timing of feedback. When employees clicked a phishing link and then received
an immediate explanation and training prompt, they were far less likely to
repeat the behavior. Around seven in ten employees who failed once did not do so
again.The new QA playbook: Leveraging AI to amplify expertise, not replace it
Many quality teams have been part of the AI journey from the very beginning,
contributing from concept to implementation and helping evaluate large language
models to ensure quality and reliability. However, many AI features are not
developed by QA practitioners, so it is essential to evaluate them through a QA
lens. First, ensure the system can produce what your teams actually use, whether
that is step lists, BDD-style scenarios, or free text that fits your templates
and automation. Next, map the full data journey. Know whether prompts or results
are kept, how encryption and minimization are applied, and where any content is
stored. Finally, require fine-grained controls so you can limit usage by
environment, project, and role. Regulated teams require an audit trail and clear
accountability, which means governance must keep pace with adoption, or speed
will outpace safety. Once review-first habits are in place, build on them. True
oversight requires more than simply checking AI outputs; it demands deeper
knowledge and understanding than the AI itself to spot gaps, inaccuracies, or
misleading information. That’s what separates a passive reviewer from an
effective human in the loop. ... Real gains from AI will not come from
automation alone but from people who know how to guide it with clarity, context,
and care. The future of testing depends on professionals who can combine
technical fluency with critical thinking, ethical judgment, and a sense of
ownership over quality.Your outage costs more than you think – so design with resilience in mind
Service providers are under strain to deliver the rapid speeds and constant
network uptime that modern life demands, with areas like remote working,
financial transactions, cloud access and streaming services expected to work
seamlessly as part of the daily lives of many end users. For many enterprises,
their business depends on this connectivity. Even a single hour of network
disruption can cost an organisation more than $300,000, and the long-term damage
to customer trust often exceeds any immediate financial loss. Despite this, many
organisations still rely on outdated infrastructure that cannot support the
requirements of today’s end users. Legacy environments struggle with explosive
data growth, the soaring demands of AI, and the complexity of distributed,
cloud-first applications. At the same time, power limitations, infrastructure
strain and inconsistent service levels put businesses at risk of falling behind.
The gap between what service providers and enterprises need, and what their
infrastructure can deliver, is widening. ... For service providers, investing in
robust colocation and high-performance networking is not just about upgrading
infrastructure, but enabling customers and partners worldwide to thrive in
today’s fast-paced digital landscape. By offering resilient and scalable
connectivity, providers can differentiate their service offering, attract
high-value enterprise clients, and create new revenue streams based on
reliability and performance.
/articles/empowering-decentralizing-architectural-decision-making/en/smallimage/empowering-decentralizing-thumbnail-1761736119696.jpg)
