Quote for the day:
"To think creatively, we must be able to look a fresh at what we normally take for granted." -- George Kneller
7 cloud computing trends for leaders to watch in 2026
While many organizations will spend the year finding ways to improve the
effectiveness of their cloud AI infrastructure, others might come to the
realization that it just doesn’t make good sense to keep operating cloud
environments dedicated to training or deploying AI workloads. These
organizations will shift toward an alternative mode of AI infrastructure
consumption, known as AI as a service (AIaaS). This means they’ll purchase
pretrained AI models or AI-powered services from other vendors. ... No matter
where cloud workloads reside, there’s probably a raft of compliance regulations
that govern them, making it more critical than ever to invest in adequate
governance, risk and compliance controls for the cloud. ... Of course, smart
organizations won’t simply fork over more money to cloud providers just because
the latter raise their prices. They’ll find ways to optimize cloud
costs. Indeed, while FinOps -- a discipline focused on effective management
of cloud spending -- has been around for years, cloud cost pressures, combined
with more general enterprise fiscal concerns such as stubbornly high borrowing
rates, mean that FinOps will likely be at the heart of more boardroom
conversations over the coming year. ... The network infrastructure that connects
cloud workloads and environments has long been one of the weakest links in
overall cloud performance. Typically, cloud-based apps can process
data much faster than they can move it over the network, which means the
network often becomes the bottleneck on overall application responsiveness.Your Teams’ Phones Are Now Your Biggest Security Hole. How to Plug It
Mobile banking adoption only continues to accelerate. Consumers are banking on
their phones more than any other channel. Mobile access is another sign of the
times. Yet as “bring your own device” (BYOD) expands for working, the
assumptions behind “securing” personal devices are falling apart. New data from
Verizon confirms what security leaders already feel: maintaining zero trust on
mobile endpoints is becoming nearly impossible, even as AI-driven attacks
reshape the landscape in real time. ... Agentic AI has compressed the attack
lifecycle from months to minutes. This technology has transformed phishing and
smishing into adaptive, multi-channel attacks. The Verizon report above found
that 77% of organizations expect AI-assisted smishing to succeed. And 85% are
already seeing more mobile attacks. ... Near-Field Communication and Bluetooth
attacks now allow compromise by proximity. The tooling is cheap, accessible and
increasingly automated. Exploits at the operating system level and
firmware-level bypass mobile device management (MDM), mobile application
management (MAM), antivirus and compliance controls entirely. You can have the
cleanest, most “compliant” device in the world and still be wide open below the
operating system. ... Institutions should assess whether their current mobile
strategy depends on trusting user devices, managing them more tightly, or adding
layers of software to inherently insecure endpoints.Using unstructured data to fuel enterprise AI success
Unstructured data presents inherent difficulties due to its widely varying
format, quality, and reliability, requiring specialized tools like natural
language processing and AI to make sense of it. Every organization’s pool of
unstructured data also contains domain-specific characteristics and terminology
that generic AI models may not automatically understand. A financial services
firm, for example, cannot simply use a general language model for fraud
detection. Instead, it needs to adapt the model to understand regulatory
language, transaction patterns, industry-specific risk indicators, and unique
company context like data policies. ... “You can't assume that an out-of-the-box
computer vision model is going to give you better inventory management, for
example, by taking that open source model and applying it to whatever your
unstructured data feeds are,” says Cealey. “You need to fine-tune it so it gives
you the data exports in the format you want and helps your aims. That's where
you start to see high-performative models that can then actually generate useful
data insights.” ... while the AI technology mix available to companies changes
by the day, they cannot eschew old-fashioned commercial metrics: clear goals.
Without clarity on the business purpose, AI pilot programs can easily turn into
open-ended, meandering research projects that prove expensive in terms of
compute, data costs, and staffing. Deepfake Fraud Tools Are Lagging Behind Expectations
Deepfake programs today fall into three buckets, experts say. Some are just
post-production video editing tools. Some are hosted Web services. Programs that
work in either of these ways might be able to create solid deepfake files, but
only real-time webcam swappers threaten to trick an algorithm live and in real
time. ... Thankfully, in contrast to most cybersecurity trends, the defenders
are really ahead of the attackers here. Forrest attributes this, in part, to an
imbalance in information. IT hackers have all the time in the world to learn
about the systems they might want to attack. When it comes to KYC fraud, he
says, "We learn vast amounts about every attack. We can study them. We can see
what the attacker's doing. Whereas all they get back is a single yes or no
answer. And so they learn nothing. They don't know if they're improving or not."
Ironically, the fact that deepfakes are so realistic today is actually now
working against attackers' interests. Before, they could measure their progress
toward realism with their eyes. Now, they have to counteract defensive
techniques they have no knowledge of. Forrest points out that "what looks
really, really good to your eye is not necessarily the same as what looks very,
very good to detection software. So if as a human being, you can't recognize the
differences, it's very, very hard to understand how to attack them."The Data Governance Challenge: Real-World Applications from Theory
Getting executive buy-in for and engaging the enterprise is a tricky endeavor.
But, they succeeded by meeting the business where it was and applying data
governance principles there. They piggybacked on business goals and
requirements, acknowledged all the different needs, and tailored their messaging
to each stakeholder segment. The challenge required teams to deliver a
five-minute pitch and blueprint showing impact within 90 days. But what does
sustained data governance look like beyond those initial wins? Cindy
Hoffman, director of enterprise AI at Xcel Energy, discussed the ins and outs of
sustaining a successful program in her closing keynote, “From Vision to Value –
Building a Resilient Data Governance Program.” Xcel Energy started a data
governance program to support an enterprise resource planning (ERP)
implementation. She emphasized that implementing governance frameworks “really
does take a bit of time, but it has to be something that you adopt and adapt
along the way.” Her team’s recent AI-enabled metadata classification project cut
a two-to-three-year data migration timeline to roughly one year – a 90% time
reduction that proved governance principles drive measurable results. The key
takeaway from both Hoffman’s journey and the WDMG challenge: Data governance
knowledge matters most when applied to the chaos of actual business constraints.
Whether you’re advocating to executives or engaging across the enterprise,
that’s how data governance moves from PowerPoint to practice.The hidden devops crisis that AI workloads are about to expose
Testing for resilience needs to happen at every layer of the stack, not just in
staging or production. Can your system handle failure scenarios? Is it actually
highly available? We used to wait until upper environments to add redundancy,
but that doesn’t work when downtime immediately impacts AI inference quality or
business decisions. The challenge is that many teams bolt on observability
as an afterthought. They’ll instrument production but leave lower environments
relatively blind. This creates a painful dynamic where issues don’t surface
until staging or production, when they cost significantly more to fix. The
solution is instrumenting at the lowest levels of the stack, even in developers’
local environments. This adds tooling overhead up front, but it allows you to
catch data schema mismatches, throughput bottlenecks, and potential failures
before they become production issues. ... Another common mistake is treating
schema management as an afterthought. Teams hard-code data schemas in producers
and consumers, which works fine initially but breaks down as soon as you add a
new field. If producers emit events with a new schema and consumers aren’t
ready, everything grinds to a halt. By adding a schema registry between
producers and consumers, schema evolution happens automatically. ... Devops
teams that cling to component-level testing and basic monitoring will struggle
to keep pace with the data demands of AI. Six for 2026: The cyber threats you can’t ignore
By generating ever more realistic content, these techniques and technologies
can compromise various identity and authentication checks. Or, they can be
used to manipulate insiders into establishing trust with adversaries and
sharing sensitive or privileged data which could ultimately allow attackers to
compromise systems or exfiltrate data. ... Thanks to AI-driven tools, finding
vulnerabilities has accelerated to warp speed: vulnerabilities can be
exploited in minutes not hours. Network scans that previously required human
review can be analyzed, and attacks can be launched by automated agents. Now,
even attacker communications can more easily hide by creating new tools and
exploiting known blindspots in tunnels and through LoTL of network devices.
... Network infrastructure is dynamic: thanks to virtual machines, containers
and cloud computing, servers and services come and go in a moment, often
creating vulnerable entry points for attackers. As a result, nearly every
static scan becomes outdated because it doesn’t capture the real-time status
of your infrastructure. ... Catching multicloud threats is getting harder as
adversaries get more sophisticated in bypassing existing siloed security tools
such as CNAPP and EDR. Having multiple clouds is today’s norm, and that means
that tools have to do a better job at having the visibility to understand how
networks are constructed across clouds and how data is consumed.Ensuring the long-term reliability and accuracy of AI systems: Moving past AI drift
AI drift is messier. When a generative model drifts, it hallucinates,
fabricates, or misleads. That’s why governance needs to move from periodic
check-ins to real-time vigilance. The NIST AI Risk Management Framework offers
a strong foundation, but a checklist alone won’t be enough. Enterprises need
coverage across two critical aspects:Ensure that the enterprise data is ready
for AI. The data is typically fragmented across scores of systems and that
non-coherence, along with lack of data quality and data governance, leads
models to drift. The other is what I call “living governance”: Councils with
the authority to stop unsafe deployments, adjust validators and bring humans
back into the loop when confidence slips or rather to ensure that confidence
never slips. This is where guardrails matter. ... Culture now extends beyond
individuals. In many enterprises, AI agents are beginning to interact directly
with one another, both agent-to-agent and human-to-agent. That’s a new
collaboration loop, one that demands new norms and maturity. If the culture
isn’t ready, drift doesn’t creep in through the algorithm; it enters through
the people and processes surrounding it. ... Regulatory efforts are
progressing, but they inevitably move more slowly than the pace of technology.
In the meantime, adversaries are already exploiting the gaps with prompt
injections, model poisoning and deepfake phishing. Leadership is a choice not everyone can make
One of the rites of passage in the corporate world is when someone ceases to
be an individual contributor and becomes a team leader. It seems such a
natural transition that if one fails to inch up the corporate totem pole in
commensuration with a receding hairline, the employee is earmarked as irksome
and then some. Remaining an individual contributor for long is both a
financial millstone and a social grindstone – it tires you down and doesn’t
offer much social currency either. Every engineer must have a Faustian Bargain
in becoming a manager – a trade in which the firm loses an able engineer and
gains a lousy manager. Why? Because that’s what is expected of you—move up,
amass people, and manage masses. But does an uber manager automatically become
a leader? Do you keep assimilating people to a point where, someday, you
metamorphose into a leader? Or, is leadership beyond management? I reckon that
to manage is inherited, but to lead is earned. One doesn’t even need to have
people reporting under you for you to be annotated as a leader. ... Leadership
is a choice and is exercised only at the time of crisis, except that a leader
can emerge from the most unexpected quarters, from down the ranks, or from
outside the formation. Dhoni, Petrov, and Arkhipov were men from beyond the
establishment. They absorbed immense pressure from all around, maintained a
level-headed approach, and took extreme ownership of their decisions, often in
the face of immediate flak from superiors and onlookers. Program yourself: What languages should you learn in 2026?
Green coding is defined as environmentally sustainable computing practice that
seeks to minimise the energy needed to process lines of code. It enables
organisations to take control of their waste and consumption by prioritising
responsible software usage. If this sounds appealing then why not prioritise
learning a ‘green language’ for example C, Rust or Ada. These are considered
among the languages that require the least amount of energy and time to execute
prompts. ... Cybersecurity careers require a much higher degree of safety
protocols than other professions, due to the high potential for risk, borne of
both mistakes and malicious activity. With that in mind, coders looking to work
in this space should ensure that the programming languages they learn have a
reputation for high performance and can manage complex tasks. ... For those who
want to add some flair and technical prowess to their skillset there are a range
of fun and unique languages to learn, such as LaTeX, an unusual and difficult
method particularly useful to those dealing with complex data and number-heavy
projects. If you want something aesthetic, Piet is a really beautiful and
creative language that takes data and turns it into an abstract painting in an
array of colours, in the style of geometric artist Piet Mondrian. ... if you are
in a STEM career and have both eyes firmly on the future, you may want to keep
your skillset as up to date as possible, which means using the most modern form
of programming. 
