DevOps roles explained: Key jobs, responsibilities and skills

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Mon, 16 Mar 2026 16:52:02 GMT https://www.techtarget.com/iotagenda editor@techtarget.com <p>DevOps shapes the way engineers build and deploy software. But it's not an engineering role in and of itself. It's an operating model that is powered by a variety of distinct roles.</p> <p>This is why simply creating positions with titles such as <a href="https://www.techtarget.com/searchitoperations/definition/DevOps-engineer"><i>DevOps engineer</i></a> is often not enough on its own to implement an effective DevOps strategy. Instead, businesses seeking to launch and scale DevOps initiatives must invest in a variety of roles to address the skills required to sustain DevOps.</p> <p>Indeed, without clearly defined DevOps job roles and responsibilities, organizations risk falling into the trap of saying they "do DevOps" without actually implementing DevOps effectively. The result is that the business misses out on the important benefits that effective DevOps offers, such as faster time to market, more efficient software development processes, better ROI from software and higher-quality software releases.</p> <p>Read on for details as we unpack the key DevOps roles that a typical organization should target, along with descriptions of the responsibilities and <a href="https://www.techtarget.com/searchitoperations/tip/DevOps-engineer-skills-needed-for-continuous-deployment">skills associated with each</a>. This article also explains how to structure DevOps roles so that team members with diverse areas of expertise can work together effectively toward the shared goal of faster, more efficient software releases.</p> <section class="section main-article-chapter" data-menu-title="12 core DevOps roles and responsibilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>12 core DevOps roles and responsibilities</h2> <p>DevOps roles can vary somewhat from one organization to another.</p> <p>For example, for a business that relies heavily on cloud-based software release pipelines, cloud architects are an important component of effective DevOps. This wouldn't be the case for an organization that builds and deploys software on-premises.</p> <p>That said, the following 12 key roles and their associated responsibilities are foundational to most DevOps strategies.</p> <h3>1. Software developers</h3> <p>Code is at the core of <a href="https://www.techtarget.com/searchitoperations/tip/Demystify-the-DevOps-process-step-by-step">DevOps processes</a>, and the people who write code are at the core of a DevOps organization. Hence, software developers play a key role in DevOps.</p> <p>Developers' key responsibilities within DevOps include these tasks:</p> <ul type="disc" class="default-list"> <li>Helping to formulate high-level plans for application architecture and features.</li> <li>Implementing and updating applications by writing code.</li> <li>Fixing code to address problems detected by IT, QA or security engineers -- such as performance bugs or security vulnerabilities.</li> </ul> <p>Ideally, your DevOps strategy is powered by developers who have two main traits. First, they are flexible in their <a href="https://www.techtarget.com/searchapparchitecture/tip/9-low-code-development-tools-to-know">development tool set</a>. They know a variety of programming languages and are familiar with different app development strategies, including Agile methodologies. This flexibility helps your team adjust and improve continuously.</p> <p>Second, developers who support DevOps must have at least a working understanding of what happens to code after it's deployed, as the core focus of DevOps is bridging the gap between software development and post-deployment software management. Developers don't need to be system administration experts, but they should know how to manage production environments and recognize the challenges IT teams face as they manage code after deployment. This knowledge is required to break down the silo structure that separates development from IT operations.</p> <h3>2. IT operations engineers</h3> <p>IT operations engineers -- sometimes called <i>IT engineers</i> -- are the <i>ops</i> in DevOps. Their core responsibilities under a DevOps operating model include the following:</p> <ul type="disc" class="default-list"> <li>Provisioning and deploying the infrastructure necessary to host software.</li> <li>Deploying new software releases.</li> <li>Monitoring and observing software in production environments to detect issues and, where necessary, collaborating with developers to fix them.</li> </ul> <p>DevOps requires IT engineers who are competent in IT operations, but ideally, they are more than that. They understand the <a href="https://www.techtarget.com/searchsoftwarequality/tip/The-stages-of-the-SDLC-explained">software development process</a> workflows and can collaborate with developers to reduce the friction that occurs when developers hand off code for deployment.</p> <p>Look for IT engineers who know how to code. Ideally, they have experience writing not just simple system administration scripts but also application code. This knowledge will enable more effective collaboration with developers.</p> <p>Key roles in a successful DevOps team span coding, security and UX expertise, as well as nontechnical areas.</p> <h3>3. DevOps engineer</h3> <p>Although simply hiring DevOps engineers is hardly enough to excel in DevOps, this role is vital because it helps implement the tools and infrastructure that enable DevOps processes.</p> <p>To this end, DevOps these are engineers' key areas of responsibility:</p> <ul type="disc" class="default-list"> <li>Implementing and managing <a href="https://www.techtarget.com/searchsoftwarequality/CI-CD-pipelines-explained-Everything-you-need-to-know">CI/CD pipelines</a>.</li> <li>Building automations to help streamline application releases and infrastructure management, often with the help of infrastructure-as-code frameworks.</li> </ul> <p>Coding is an essential skill for DevOps engineers, but typically, they write automation code rather than application code.</p> <p>Good DevOps engineers also have a strong understanding of infrastructure design principles and the ability to work with a wide variety of infrastructure platforms -- such as Kubernetes and the various public clouds that an organization might use. </p> <h3>4. Systems architects</h3> <p>DevOps doesn't require a specific architecture. Success isn't determined by whether you host workloads on-premises or in the cloud, nor will it necessarily matter which OSes you use. Still, a team that wants to design a DevOps-friendly architecture should keep certain goals in mind -- which is where systems architects come in.</p> <p>The core responsibilities of systems architects under DevOps include the following:</p> <ul type="disc" class="default-list"> <li>Assessing various options for hosting DevOps tools, such as <a href="https://www.techtarget.com/searchcloudcomputing/tip/Evaluate-these-9-multi-cloud-management-platforms">different cloud environments</a>, and deciding which best meet business needs.</li> <li>Planning and overseeing the implementation of integrations among DevOps tools.</li> <li>Managing and monitoring CI/CD pipelines to help keep DevOps processes running smoothly.</li> </ul> <p>Systems architects' roles are similar to those of DevOps engineers, as both focus on managing the tools and infrastructure that power DevOps processes. The difference is that systems architects specialize in the high-level design of DevOps tools and infrastructure, whereas DevOps engineers usually focus more on the implementation.</p> <p>That said, the overlap between these roles means that some organizations combine them by writing job descriptions that are broad enough for DevOps engineers to cover systems architect responsibilities, and vice versa.</p> <h3>5. QA engineers</h3> <p>Although developers have become more directly involved in software testing in recent years, QA engineers still play a valuable DevOps role. They assist with these essential tasks:</p> <ul type="disc" class="default-list"> <li>Designing and writing <a href="https://www.techtarget.com/searchsoftwarequality/definition/automated-software-testing">automated tests</a> that check software releases for performance and reliability before they are deployed.</li> <li>Running manual tests in cases where automated testing isn't possible or practical, such as when testing a specialized type of application that isn't supported by an automated testing framework.</li> <li>Assessing the results of software tests and working with developers to address bugs detected during testing.</li> </ul> <p>QA engineers focus specifically on defining quality standards for performance, reliability and other factors before software is pushed into production. It's their responsibility to design and run tests that assess whether each new release meets those requirements as it flows through the CI/CD pipeline.</p> <p>In some ways, the work performed by QA engineers might seem at odds with other DevOps goals. Inefficient software testing introduces delays to the CI/CD process, which hampers the fundamental DevOps goal of CD. To support DevOps most effectively, QA engineers should understand how to maintain software quality and minimize disruptions to other DevOps processes. There are several ways to do this.</p> <p>One technique is to embrace <a href="https://www.techtarget.com/searchsoftwarequality/definition/shift-right-testing">shift-right testing</a> for noncritical features. This enables some tests to run after code is deployed, reducing the number of tests that run pre-deployment and getting new releases into production faster. This strategy would be inappropriate for critical features -- those should be tested <i>before</i> deployment -- but it works well for testing smaller application components that won't cause serious problems if they fail a post-deployment test.</p> <p>Good QA engineers can also write efficient tests that run quickly and automatically. They should know the ins and outs of <a href="https://www.techtarget.com/searchsoftwarequality/tip/The-basics-of-implementing-an-API-testing-framework">test automation frameworks</a>, such as Selenium, and be skilled at writing tests that cover a lot of ground without taking a long time to run. They must also know how to interpret test results quickly and communicate to developers how to fix whatever caused the failure. Effective communication between developers and QA engineers in this regard is essential to maintaining the CI/CD pipeline flow even when a test fails.</p> <h3>6. UX engineers</h3> <p>A UX engineer isn't necessarily a DevOps role that immediately comes to mind. An expert who can ensure that software pleases end users, though, adds value to your DevOps process by addressing the following responsibilities:</p> <ul type="disc" class="default-list"> <li>Collaborating with developers during the software design process to ensure that user needs and expectations remain front and center.</li> <li>Prototyping and testing user interfaces.</li> <li>Interfacing with end users to determine whether existing interface capabilities best meet their needs and expectations, and if not, devising ways to improve.</li> </ul> <p>UX work is especially important because it's easy to fixate on the technical aspects of DevOps, such as how often a team releases software or how many tests it runs per release cycle. The goal of DevOps shouldn't be merely to deliver software quickly and efficiently; you also want software that delights users. UX engineers can help the rest of the DevOps team maintain that focus.</p> <h3>7. Security engineers</h3> <p>Security engineers -- specifically, ones who <a href="https://www.techtarget.com/searchitoperations/feature/5-DevSecOps-best-practices-to-prioritize">understand DevSecOps</a> and can put its tenets into practice -- are another core part of a DevOps organization. They bring a specific and important set of skills to the process:</p> <ul type="disc" class="default-list"> <li>Coordinating with developers to plan secure application architectures.</li> <li>Coordinating with IT engineers to design secure infrastructure environments.</li> <li>Testing applications for security risks and collaborating with developers and IT engineers to mitigate them.</li> </ul> <p>To implement DevSecOps, an organization must establish tools and processes that enable developers, security engineers and IT professionals to collaborate on security operations. All three stakeholder groups should have visibility into security issues so they can address them efficiently. Likewise, developers should be prepared to communicate with security engineers early and often to help design code that is secure from the start. IT engineers should work closely with the security team to ensure that their deployment and management processes follow best practices regarding application and infrastructure security.</p> <h3>8. DevOps evangelists</h3> <p>Not everyone will understand what DevOps means or why the organization should invest in the new tools, processes and people necessary to support it. A DevOps evangelist can help smooth over objections to the technology and organizational changes that DevOps adoption demands by covering the following areas of responsibility:</p> <ul type="disc" class="default-list"> <li>Providing general guidance on what it takes to <a href="https://www.techtarget.com/searchitoperations/tip/Target-tangible-IT-goals-during-a-DevOps-culture-shift">build a DevOps-centric culture</a>.</li> <li>Explaining to engineers how DevOps makes their work more efficient.</li> <li>Serving as a bridge between business leaders and technical staff when planning and implementing DevOps strategy.</li> </ul> <p>Although some organizations hire dedicated DevOps evangelists, it's also common for businesses to select team members from other DevOps roles to serve as <i>DevOps champions</i>.</p> <h3>9. Site reliability engineer</h3> <p>One can debate whether a site reliability engineer (<a href="https://www.techtarget.com/searchitoperations/definition/site-reliability-engineering-SRE">SRE</a>) is a core DevOps role or merely a complement to DevOps. Either way, it's hard to deny that having SREs on hand is a good thing for DevOps. SREs can accelerate DevOps by covering these responsibilities:</p> <ul type="disc" class="default-list"> <li>Working with developers and IT engineers to design stable, high-performing applications and infrastructure.</li> <li>Monitoring production environments for performance issues.</li> <li>Taking the lead in incident response by mitigating failures efficiently.</li> </ul> <p>To an extent, these responsibilities overlap with other DevOps roles, such as IT engineers (who also play a role in application monitoring) and QA engineers (who run tests to detect performance issues). An important difference, however, is that SREs usually rely heavily on code-based automation to perform their work. This can help make the work of assessing and managing reliability more scalable and efficient, which shows how SREs can add value even in organizations that already have their core DevOps responsibilities covered.</p> <h3>10. Cloud engineer</h3> <p>As noted above, organizations that depend heavily on cloud computing might choose to include <a href="https://www.techtarget.com/searchcloudcomputing/definition/cloud-engineer">cloud engineers</a> within their DevOps teams. Cloud engineers bear primary responsibility for these tasks:</p> <ul type="disc" class="default-list"> <li>Administering cloud environments.</li> <li>Deploying applications to the cloud and managing them when they are there.</li> <li>Integrating the disparate tools and services that exist between clouds in a multi-cloud strategy.</li> </ul> <p>This work can overlap substantially with that of IT engineers, who also deploy and manage applications. However, cloud engineers bring distinct expertise with cloud environments and tools, which more general types of IT engineers sometimes lack.</p> <h3>11. Automation engineer</h3> <p>An <a href="https://www.techtarget.com/searchitoperations/definition/automation-engineer">automation engineer</a> is another potential type of DevOps role that can be helpful for some organizations. It includes the following key responsibilities:</p> <ul type="disc" class="default-list"> <li>Designing and implementing automated workflows.</li> <li>Optimizing automated processes to make them more efficient and mitigate risk.</li> <li>Troubleshooting and mitigating disruptions to automated workflows.</li> </ul> <p>In the context of DevOps, these responsibilities can overlap with those of DevOps engineers and systems architects, both of whom also focus on automation. But an automation engineer can be a broader role that drives automation across all workflows, not just those specifically related to DevOps. In this way, automation engineers can help bridge the gap between DevOps processes and other workflows that the business depends on.</p> <p>Note, too, that automation engineers can be especially valuable for organizations experimenting with new types of automation tools, such as AI agents. These have not traditionally featured in DevOps workflows, where automation has conventionally depended on scripts instead, but automation engineers versed in applying emerging technology can help organizations take advantage of cutting-edge automation solutions such as agentic AI.</p> <h3>12. AI DevOps engineer</h3> <p>Speaking of AI, some organizations are now creating AI DevOps engineer roles, whose main responsibilities include the following:</p> <ul type="disc" class="default-list"> <li>Using AI to automate CI/CD pipelines.</li> <li><a href="https://www.techtarget.com/searchenterpriseai/tip/Top-generative-AI-tool-categories">Implementing and managing AI tools</a> that can accelerate core DevOps processes, such as software development.</li> <li>Helping to ensure that the DevOps team's use of AI tools remains compliant and secure.</li> </ul> <p>Whether it's necessary to devote a DevOps role specifically to AI is debatable; these responsibilities could also be addressed by other engineers, who are increasingly integrating AI into their workflows. But given the complexity of modern AI -- and the deep compliance and security challenges it presents -- a dedicated AI DevOps engineer position can make sense.</p> </section> <section class="section main-article-chapter" data-menu-title="Structuring DevOps roles in your organization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Structuring DevOps roles in your organization</h2> <p>Once you've identified the roles that enable DevOps, you need to combine or coordinate them into an actual DevOps team. This can be a major challenge because the DevOps philosophy makes no specific recommendations about how to structure DevOps teams or integrate DevOps into existing teams.</p> <p>Most businesses choose one of the following approaches to structuring DevOps personnel:</p> <ul type="disc" class="default-list"> <li><b>Replace dev and ops with DevOps.</b> Eliminate separate development and IT operations departments entirely and replace them with a dedicated DevOps team. The new team can include stakeholders from other domains, such as QA, or you can manage roles other than dev and ops as their own teams. This approach works well if you want to structure your entire organization around DevOps and never look back, but it requires a major organizational overhaul. You must also convince all your developers and IT engineers to embrace a new identity as DevOps specialists, which can be culturally jarring.</li> <li><b>Run DevOps alongside dev and ops.</b> Keep your existing development and IT operations teams intact, with a separate DevOps team that operates alongside them and coordinates activities. With this approach, developers and engineers <a target="_blank" href="https://www.devopsbay.com/blog/it-vs-dev-ops-understanding-key-differences-and-similarities" rel="noopener">retain their identities</a> and independence as you integrate DevOps into the overall organization. However, you'll have to build a new DevOps team from scratch and convince other teams to work with it.</li> <li><b>Embed DevOps engineers into other teams.</b> This hybrid approach embeds DevOps specialists into your existing dev and ops departments. It requires minimal organizational or cultural change -- but sprinkling DevOps engineers across existing teams might not be enough to fully embrace DevOps. You might end up with an organization that does <i>DevOps lite</i> instead of a total DevOps transformation.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Conclusion: The importance of a clear DevOps role definition"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion: The importance of a clear DevOps role definition</h2> <p>A large part of DevOps' success boils down to defining the right roles. The DevOps roles an organization needs can vary somewhat depending on factors such as the technologies it uses and how broad or narrow it makes certain job descriptions. Ultimately, the goal should be to ensure that all key DevOps responsibilities -- software development and deployment, QA, security, tool management and infrastructure management -- are covered within a holistic operating model.</p> <p>Note as well that leadership alignment is critical to translating DevOps roles into a collaborative DevOps team. Business leaders must clearly define each role's responsibilities and how it complements others. They must also set clear goals and priorities for DevOps team members to pursue. This can be done, for example, by articulating how extensively the business chooses to <a href="https://www.techtarget.com/searchitoperations/tip/What-to-expect-as-AI-for-DevOps-advances-in-the-enterprise">integrate AI into its workflows</a> or determining the balance it seeks between software reliability and release velocity.</p> <p>Finally, it's important to keep in mind that DevOps roles should evolve as organizations mature. Smaller companies, or those that develop and manage a small number of applications, often don't require so many distinct DevOps roles. They might, for instance, fold QA engineering responsibilities into developer roles, because they don't need to perform enough software tests to justify a dedicated QA engineering role.</p> <p>But over time, as DevOps processes scale up and become more complex, it's common for organizations to build out their DevOps team structure to include all key roles.</p> <p><i>Chris Tozzi is a freelance writer, research adviser, and professor of IT and society. He has previously worked as a journalist and Linux systems administrator.</i></p> </section> More than most IT initiatives, DevOps is built around people. Involve the right professionals, and get those people primed to work in concerted ways. https://cdn.ttgtmedia.com/visuals/searchOracle/applications/oracle_article_001.jpg https://www.techtarget.com/searchitoperations/feature/Know-the-key-DevOps-roles-and-responsibilities-for-team-success Wed, 18 Mar 2026 00:00:00 GMT DevOps roles explained: Key jobs, responsibilities and skills <p>Rural and community hospitals often operate under <a href="https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2803940">tighter margins</a> than their urban counterparts, making large technology investments difficult to justify. Despite these constraints, some smaller health systems are turning to clinical AI tools to <a href="https://www.techtarget.com/searchhealthit/feature/AI-healthcare-trends-to-watch">address operational pressures</a>. </p> <p>San Juan Regional Medical Center, a community-owned hospital serving a largely rural population across the Four Corners region of New Mexico, Arizona, Utah and Colorado, recently adopted <a href="https://www.wellsheet.com/">Wellsheet</a>, a clinical AI platform aimed at improving how clinicians access and interpret patient information. For hospital leaders, the decision was less about chasing innovation than a necessity.</p> <p>"We don't have enough nurses. We're never going to have enough nurses. We don't have enough physicians," said Carlo Hallak, M.D., physician executive of information services at San Juan Regional. "So we need tools that allow for better patient care decisions by surfacing this data."</p> <section class="section main-article-chapter" data-menu-title="Operational pressures drive AI investment decisions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Operational pressures drive AI investment decisions</h2> <p>Like many regional hospitals, San Juan Regional's challenge was not a lack of clinical data but the difficulty of using it efficiently. Hallak said clinicians often navigate multiple screens and external resources to find necessary information, which can delay care decisions and affect patient flow.</p> <p>Hallak described the longstanding challenge facing IT leaders: "How can we present the right data at the right moment to the right level of care?" he said.</p> <p>That challenge ultimately led the hospital to adopt an AI-based clinical workflow platform, starting in January 2026.</p> <p>Hallak emphasized the hospital's investment was not driven by excitement around AI itself.</p> <p>"It is not a hype," he said. "It has solved a problem that we've been trying to solve for many years as clinicians."</p> <p>San Juan Regional is not alone in exploring this approach. In a <a href="https://www.prnewswire.com/news-releases/wellsheet-continues-momentum-with-health-systems-across-us-brings-ai-to-san-juan-medical-center-302692097.html">press release</a>, Wellsheet reported that its platform is now deployed in more than 100 hospitals nationwide, reflecting growing interest in workflow-integrated clinical AI tools.</p> </section> <section class="section main-article-chapter" data-menu-title="Fitting in with existing workflows"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Fitting in with existing workflows</h2> <p>Hallak said his team evaluated potential tools based largely on how well they would support clinicians within their <a href="https://www.techtarget.com/searchhealthit/answer/How-EHR-Clinical-Workflow-Driven-Design-Enhances-Health-IT-Usability">existing workflows</a>.</p> <p>According to Hallak, the AI software's integration with <a href="https://www.wolterskluwer.com/en/solutions/uptodate/pro/uptodate?utm_source=google&utm_medium=cpc&utm_campaign=CBHV_MKXX_PRUTD_GE0B_LAENXX_PLGO_CTSE_KPPO_AUPR_DVAL_TABR_MTXX_FNLO_BOEC_THIND-UTD-Brand-USCAN&utm_content=&utm_term=uptodate&bu=individual&gad_source=1&gad_campaignid=22901278492&gbraid=0AAAAACm31zolnpfelBEfB8dtM-bB7xXiQ&gclid=Cj0KCQiAwYrNBhDcARIsAGo3u33QO13f2OqDZpWHYZHDvEmvNK5BWLzppZu7nGUF1y-ujxKuKFD6Zd0aAhbBEALw_wcB">UpToDate</a> -- a widely used, evidence-based clinical decision support resource relied on by clinicians for current research and treatment guidance -- became a major deciding factor during the selection process.</p> <p>Traditionally, providers consult such references separately from the EHR, manually applying patient data to clinical guidance. Wellsheet streamlines that workflow by connecting UpToDate with the EHR.</p> <p>By presenting guidance in the context of an individual patient, clinicians can review relevant evidence without leaving the patient's chart.</p> <p>"Physicians don't have to get outside of the EHR and read an article that is not in the context of the patient," Hallak said. "It's based on that patient and their information."</p> <p>The platform summarizes chart information and links clinical pathways, decision-support calculators and other reference material using patient-specific information from the medical record. Rather than directing treatment, the system organizes information, Hallak emphasized.</p> <p>It's an approach that builds on traditional clinical decision support models, in which evidence informs care while responsibility remains with the clinician.</p> <p>"I'm giving you the right information to make the right decisions," Hallak said.</p> </section> <section class="section main-article-chapter" data-menu-title="Patient outcomes, clinician satisfaction will indicate success"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Patient outcomes, clinician satisfaction will indicate success</h2> <p>San Juan Regional plans to evaluate the investment using operational and clinical metrics, including discharge efficiency and length of stay. Hallak said they also hope to see earlier identification of patient deterioration.</p> <p>"I'm looking for better clinical and operational efficiency -- being able to discharge the patient at the right time safely," Hallak said. "Hopefully, in six months, down the road, we will report great outcomes."</p> <p>He said the hospital is also paying attention to how the technology affects <a href="https://www.techtarget.com/searchhealthit/news/366577964/EHR-Information-Overload-Adds-to-Clinician-Burnout-Stress">day-to-day clinician experience</a>. By reducing the need to search through multiple screens for information, leaders hope the platform will make workflows feel more manageable.</p> <p>"It's about physician and care team satisfaction -- not struggling to search for data, but bringing back some joy to practicing medicine and using technology," Hallak said.</p> <p>San Juan Regional's experience reflects a broader shift among community hospitals seeking operational efficiency amid mounting pressures. Ultimately, health systems with limited resources will have to judge clinical AI by its ability to improve efficiency and patient care alongside the cost of the technology.</p> <p><i>Elizabeth Stricker, BSN, RN, comes from a nursing and healthcare leadership background, and covers health technology and leadership trends for B2B audiences.</i></p> <p> </p> </section> For one rural hospital, improving access to clinical information drove the move toward AI implementation. https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/healthtechanalytics/feature/Clinical-AI-gains-ground-in-a-resource-constrained-hospital Tue, 17 Mar 2026 09:30:00 GMT Clinical AI gains ground in a resource-constrained hospital <p>Everpure has announced Evergreen One for AI, a performance-backed consumption model for artificial intelligence (AI) that extends to use of its <a href="https://www.computerweekly.com/news/366620538/Pure-aims-at-AI-beyond-the-enterprise-with-FlashBlade-Exa">FlashBlade//Exa</a> <a href="https://www.computerweekly.com/resources/Flash-storage-and-solid-state-drives-SSDs">high-performance storage</a>. Meanwhile, the company – <a href="https://www.computerweekly.com/news/366639189/Pure-Storage-rebrands-to-Everpure-as-storage-makers-business-expands-focus-to-data-management">known as Pure Storage until recently</a> – has announced the beta release of its Datastream automated AI pipeline appliance. </p> <p>Evergreen One for AI differs from existing flexible capacity offers in the Everpure range by providing use of FlashBlade//Exa and service-level agreements (SLA) based on graphics processing unit (GPU) count. The aim here is to ensure that the storage environment provides the throughput to keep GPU resources fully utilised.</p> <p>FlashBlade//Exa, Everpure’s highest-performance platform, was previously excluded from the <a href="https://www.computerweekly.com/feature/Pures-storage-as-a-service-We-can-offer-what-others-cant">Evergreen One consumption model</a>. </p> <p>Exa aims at AI and high-performance computing (HPC) workloads that demand extremely high throughput, likely in customers between large enterprise users of AI and the hyperscalers.</p> <p>At its launch, FlashBlade//Exa introduced an architecture to the Pure product line in which metadata and bulk storage are disaggregated with different hardware and protocols in use.</p> <p>Kaycee Lai, vice-president for AI with Everpure, said Evergreen One for AI shifted the financial and operational risk away from the customer. “Specifically, we have an offering which we call Evergreen One for AI,” he said. “The big difference for AI is that we set the performance level of the offering based on the number of GPUs that you have … it is an SLA-backed performance guarantee.”</p> <p>Evergreen One and Flex are Pure Storage’s pay-as-you-go procurement models, while Forever involves upfront purchase with built-in upgrades.</p> <section class="section main-article-chapter" data-menu-title="Automating the RAG pipeline"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Automating the RAG pipeline</h2> <p>Everpure also announced the beta availability of Datastream. First previewed in late 2024, Datastream is a “single SKU” appliance that integrates Nvidia GPUs with Everpure storage. It is designed to tackle the “data readiness” challenge, said Lai. This refers to the oft-cited statistic that data teams spend 80% of their time preparing unstructured data for use.</p> <p>The appliance automates the <a href="https://www.computerweekly.com/feature/RAG-AI-Do-it-yourself-says-NYC-data-scientist">retrieval-augmented generation</a> (RAG) pipeline, which includes ingest, curation and vectorisation of data. By providing an integrated hardware and software stack, Everpure aims to provide an “easy button” for enterprises building chatbots or autonomous agents, he said.</p> <p>The software capability behind Datastream was built in-house, though it can connect to third-party data sources including Dell, HP and NetApp environments, as well as cloud-resident data. This flexibility allows the appliance to act as a central hub for AI readiness regardless of where the data lives.</p> <p>“Today, people run RAG pipelines … they do the chunking, the embedding, the indexing to make sure that the data is going to be accurate and relevant so that chatbot agents can consume them in a specific format,” said Lai. “That takes up about 80% of most data teams’ time because there’s no standard tool.”</p> </section> <section class="section main-article-chapter" data-menu-title="Underpinning performance"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Underpinning performance</h2> <p>To support these launches, Everpure revealed new benchmarks intended to validate its hardware under AI stress. In MLPerf 2.0 testing, the company claimed the top spot for checkpointing – a critical function for saving the state of a model during long training runs – reporting results up to two times better than competitors such as Huawei and Vast.</p> <p>The company also cited Spec Storage AI image benchmarks, where it outperformed NetApp’s AFX platform by approximately 20%, he said.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about storage and AI</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/feature/Storage-technology-explained-AI-and-the-data-storage-it-needs">Storage technology explained: AI and data storage</a>: In this guide, we examine the data storage needs of artificial intelligence, the demands it places on data storage, the suitability of cloud and object storage for AI, and key AI storage products.</li> <li><a href="https://www.computerweekly.com/feature/Storage-technology-explained-Vector-databases-at-the-core-of-AI">Storage technology explained: Vector databases at the core of AI</a>: We look at the use of vector data in AI and how vector databases work, plus vector embedding, the challenges for storage of vector data and the key suppliers of vector database products.</li> </ul> </div> </div> </section> Nvidia GTC is the occasion for beta launch of its Datastream appliance that marries software to ingest and manage AI data pipelines with Everpure storage and GPU resources https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Cambridge-1-GPU-CREDIT-NVIDIA-hero.jpg https://www.computerweekly.com/news/366640415/Everpures-Evergreen-One-for-AI-brings-Exa-flash-and-GPU-based-service-level-agreements Mon, 16 Mar 2026 16:30:00 GMT Everpure’s Evergreen One for AI brings Exa flash and GPU-based service-level agreements <p><span style="font-weight: 400">Nutanix is positioning its agentic AI solution as a full software stack, purpose-built for real-world enterprise deployments.</span></p> <p><span style="font-weight: 400">The company thinks we have now hit </span><span style="font-weight: 400">a tipping point where the barrier to success is no longer the model or building individual agents, but the complexity of managing the infrastructure required to securely run thousands of agents at scale. </span></p> <p><span style="font-weight: 400">Nutanix (as an infrastructure specialist) would be likely to say that, but, in fairness, this is absolutely the narrative that we’re hearing from the rest of the industry.</span></p> <p><span style="font-weight: 400">Now focused on providing infrastructure and platform teams with the tools to “build and operate AI factories” today, Nutanix says it will focus on performance, security</span><span style="font-weight: 400"> and compliance with sovereignty requirements. </span></p> <section class="section main-article-chapter" data-menu-title="What is an AI factory?"> <h2 class="section-title"><i class="icon" data-icon="1"></i><span style="font-weight: 400">What is an AI factory?</span></h2> <p><span style="font-weight: 400">We can define an AI factory as a collection of platform-level and infrastructure-level technologies and toolsets that work to continuously ingest data and train machine learning models on a continuous basis. Rather than coal or any other form of fuel, this factory runs on data and its machinery is aligned to process intelligence, predictions and autonomous decisions through interconnected compute functions, data pipelines and algorithmic logic. The AI factory ultimately delivers and deploys AI-powered outputs with the scope to scale once any given AI service enjoys widespread user uptake.</span></p> <p><span style="font-weight: 400">We’re now hearing firms talk about how data scientists and agentic AI developers expect easy access to tools and services to run and fine-tune models, build agents and securely connect them to enterprise data… and this is the channel that Nutanix aims to flow in.</span></p> <blockquote> <p><span style="font-weight: 400">“Enterprise AI becomes economically viable when the infrastructure around it is engineered for scale. By integrating orchestration, models and data services into a single stack, Nutanix is moving enterprise AI from isolated agents to operational ‘AI factories’,” said </span><a href="https://www.linkedin.com/in/markvigoroso/"><span style="font-weight: 400">Mark Vigoroso</span></a><span style="font-weight: 400">, founder & CEO of B2B tech catalyst, The Enterprise Edge.</span></p> </blockquote> <p><a href="https://www.linkedin.com/in/thomas-cornely-811610/"><span style="font-weight: 400">Thomas Cornely</span></a><span style="font-weight: 400">, executive vice president of product management at Nutanix says that in contrast to AI infrastructure for model training (which was optimised to run ‘one big job’), we need to realise that production agentic AI infrastructure needs to handle scale and high rates of change for thousands of AI services, agents and concurrent users and developers. </span></p> </section> <section class="section main-article-chapter" data-menu-title="Cloud ops model for AI factories"> <h2 class="section-title"><i class="icon" data-icon="1"></i><span style="font-weight: 400">Cloud ops model for AI factories</span></h2> <p><span style="font-weight: 400">Nutanix Agentic AI extends AHV hypervisor, Flow Virtual Networking, Nutanix Kubernetes Platform and Nutanix Enterprise AI to create a cloud operating model for enterprise AI factories, enabling infrastructure and platform teams to simply build, operate and govern.</span></p> <p><span style="font-weight: 400">According to Cornley, the technology on offer here integrates with Nvidia AI Enterprise at the Agent Builder layer and orchestrates the Nvidia-certified ecosystem of AI factories for supported configurations. It provides dynamic, multiuser AI environments to build, run and protect agentic AI applications with a full suite of infrastructure orchestration and security software coupled with AI Platform Services (PaaS) and Models-as-a-Service (MaaS) for data scientists and agentic AI developers. </span></p> <blockquote> <p><span style="font-weight: 400">“Nutanix’s Agentic AI stack removes much of the infrastructure friction that can slow down enterprise AI projects. By bringing the layers together – from Models-as-a-Service at the top, to an AI platform built on a standardised Kubernetes distribution, down to GPU-aware hypervisors and DPU-accelerated networking – organisations get a more coherent AI stack, enabling AI factories that deliver strong performance and security while driving down the cost per token,” said </span><a href="https://www.linkedin.com/in/srmcdowell/"><span style="font-weight: 400">Steve McDowell</span></a><span style="font-weight: 400">, chief analyst, Nand Research.</span></p> </blockquote> <p><span style="font-weight: 400">Nutanix says its Agentic AI (CAPS used to denote branded service) reduces complexity, delivers optimised performance and security and is designed to enable lower, predictable token costs by providing the agentic AI services and a Kubernetes platform.</span></p> <p><span style="font-weight: 400">This AI PaaS and Kubernetes native software layer consists of:</span></p> <ul class="default-list"> <li style="font-weight: 400"><b>An Advanced AI Gateway and Model-as-a-Service: </b><span style="font-weight: 400">The latest release of Nutanix Enterprise AI (NAI), version 2.6, now includes an AI Gateway service for unified policy control over cloud-hosted and private LLMs. New support for the Model Context Protocol (MCP) server and Fine Tuning extends its existing robust MaaS capabilities to enable agents to securely connect to enterprise tools and data sources. NAI also now includes support for the NVIDIA Nemotron family of open-source AI models, datasets and training tools designed to help developers build agentic AI systems that can reason, securely access tools and complete complex multistep tasks independently.</span></li> </ul> <ul class="default-list"> <li style="font-weight: 400"><b>An Open Kubernetes Platform With a Rich AI Catalogue:</b><span style="font-weight: 400"> Nutanix simplifies the path to Agentic AI by extending its CNCF-compliant Nutanix Kubernetes Platform with a rich catalog of pre-built open source AI developer tools, including Notebooks, Vector Databases, MLOps workflow engines and Agentic frameworks. Because it is fully integrated with Nvidia AI Enterprise software, developers can instantly deploy Nvidia NIM microservices, including Nemotron, to accelerate the development of high-performance AI applications in production.</span></li> </ul> <p><span style="font-weight: 400">Also, here we find infrastructure optimisation and security. In the early access version of Nvidia topology-aware AHV, the Nutanix AHV hypervisor has been enhanced to automatically optimise allocation of physical resources to virtual machines on GPU-dense servers and help maximise performance. </span></p> <p><span style="font-weight: 400">The Nutanix Flow Virtual Networking service has been enhanced to offload the network dataplane to Nvidia BlueField, delivering high-performance networking while reducing host CPU and memory consumption. These enhanced capabilities bring all the benefits of virtual machines for workload and tenant isolation, day 2 operations and infrastructure resilience to Agentic AI workloads with maximum performance, security and resource utilisation to help achieve a lower cost per token.</span></p> </section> <section class="section main-article-chapter" data-menu-title="Foundational data services for AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i><span style="font-weight: 400">Foundational data services for AI</span></h2> <p><span style="font-weight: 400">Agentic AI applications require foundational Data Services. As a solution built on the Nvidia AI Data Platform reference design, Nutanix Unified Storage delivers linearly scalable read/write performance for thousands of GPU clients. By providing a high-capacity tier for KV Cache offloading and support for S3 over RDMA and NFS over RDMA, Nutanix provides a scalable, low-latency data fabric that maximises GPU efficiency across all enterprise AI workloads.</span></p> <p><span style="font-weight: 400">The Nutanix Agentic AI service works in line with Nvidia-certified AI factories and users can deploy AI factories on hardware from Cisco, Dell and Supermicro, supported with joint validation by Nutanix and Nvidia. </span></p> <p><img loading="lazy" decoding="async" class="wp-align alignnone size-full wp-image-11658" src="https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/1-3.png" alt="" width="580" height="265" srcset="https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/1-3.png 580w, https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/1-3-300x137.png 300w" sizes="(max-width: 580px) 100vw, 580px"> <img loading="lazy" decoding="async" class="wp-align alignnone size-full wp-image-11659" src="https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/2.jpg" alt="" width="580" height="360" srcset="https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/2.jpg 580w, https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/2-300x186.jpg 300w" sizes="(max-width: 580px) 100vw, 580px"></p> </section> Nutanix is positioning its agentic AI solution as a full software stack, purpose-built for real-world enterprise deployments. The company thinks we have now hit a tipping point where the barrier to ... https://www.computerweekly.com/blog/CW-Developer-Network/Nutanix-Agentic-AI-bids-to-stoke-up-enterprise-AI-factories Mon, 16 Mar 2026 16:28:17 GMT Nutanix Agentic AI bids to stoke up enterprise AI factories <p>Mobile device management gives IT the control, security and visibility necessary to protect modern workplaces.</p> <p>Mobile devices are especially vulnerable to loss, theft and unauthorized access, which complicates data security and regulatory compliance for most organizations. IT administrators need to think about getting devices to a securely managed and productive state while ensuring the onboarding process is simple, minimally invasive and streamlined for end users. Mobile device management is not only a tactical IT chore but a strategic issue.</p> <section class="section main-article-chapter" data-menu-title="What is mobile device management (MDM)?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is mobile device management (MDM)?</h2> <p>Mobile device management (<a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-device-management">MDM</a>) software enables IT to control, secure and enforce policies on mobile devices such as smartphones, tablets and laptops.</p> <p>It provides administrators with tools to apply consistent security settings, deploy updates, monitor device health and remotely lock or wipe devices if they are lost, stolen or noncompliant. MDM is a foundational <a href="https://www.techtarget.com/searchenterprisedesktop/feature/Understand-how-UEM-EMM-and-MDM-differ-from-one-another">element of enterprise mobility management and unified endpoint management</a>.</p> <p>An MDM platform can manage various devices, including iOS, Android, Windows, macOS and even ChromeOS, in some cases. MDM is a flexible tool that gives admins many controls to ensure devices are secured and properly supported. Additionally, IT can consider programs such as Apple Business Manager and Android Enterprise, which integrate with MDM to give organizations more privileges on a device. Admins can then enforce higher-level security configurations, including advanced restrictions and settings controls, home screen layout, single app mode, multi-user and shared modes, and zero-touch enrollments.</p> <h3>BYOD and MDM</h3> <p>Device ownership is an important factor in MDM. In particular, BYOD policies can add a layer of complexity to management. Under these policies, employees store corporate data and carry out work tasks on personal devices. The challenge with BYOD is that user devices are unmanaged by default, which can expose the organization to security and compliance risks.</p> <p><a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-successfully-implement-MDM-for-BYOD">MDM platforms help organizations manage BYOD endpoints</a> using containerization mechanisms that enable app‑level controls and the separation of personal and work data. Admins can configure an MDM platform to define acceptable use, privacy boundaries and enforcement policies for devices based on their ownership status. This balances flexibility and security.</p> </section> <section class="section main-article-chapter" data-menu-title="1. Manage mobile devices with an MDM policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Manage mobile devices with an MDM policy</h2> <p>An MDM platform is only as effective as the policies that are configured and enforced by the organization using it. An <a href="https://www.techtarget.com/searchmobilecomputing/feature/Why-a-mobile-security-policy-is-a-must-have-corporate-policy">MDM policy framework</a> should define device enrollment requirements, security configuration standards and compliance monitoring procedures. Rather than implementing MDM as a purely technical tool, the strongest device management strategies establish clear, documented MDM policies that align technical controls with organizational security objectives.</p> <p>MDM's role is to provide the organization with the ability to enforce security compliance controls on devices. Figure 1 shows an example of these controls for an iOS device.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1.jpg 1280w" alt="Compliance policies for iOS." data-credit="Michael Goad" height="303" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Device compliance policies that IT admins can enforce for iOS devices through MDM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Some of the most common profile and compliance settings include the following:</p> <ul class="default-list"> <li>PIN code and device encryption.</li> <li>Certificate-based authentication.</li> <li>Email configuration.</li> <li>Wi-Fi configuration.</li> <li>Device feature permissions and restrictions.</li> <li>Blocklist and allowlist applications.</li> <li>Single sign-on (SSO).</li> <li>Enforcement and automation of iOS and Android updates.</li> <li>Data loss prevention (DLP) configurations.</li> <li><a href="https://www.techtarget.com/searchmobilecomputing/answer/Whats-the-difference-between-jailbreaking-and-rooting">Jailbreak/root detection</a> and remediation.</li> <li>Remote lock and device wipe capabilities for lost or compromised devices.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="2. Manage authentication and access"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Manage authentication and access</h2> <p>Access management on mobile devices should include strong PIN and multifactor authentication (MFA) controls, enforced through MDM.</p> <h3>PIN code management</h3> <p>The PIN often serves as a password for mobile devices, preventing bad actors from gaining unauthorized access to a device. Organizations should enforce a PIN policy, which might include minimum length standards or require automatic lock after a short period of inactivity. Using MDM, IT can enforce these settings consistently across corporate-owned and BYOD devices enrolled in the environment.</p> <h3>Multifactor authentication</h3> <p>Once a device leaves the corporate network, it's exposed to untrusted networks and higher risk conditions that IT can't fully control. MFA provides more comprehensive protection by confirming that the end user logging on is who they claim to be. It requires two or more authentication methods, which can include PIN or password, SMS verification and biometric authentication. An admin can then set parameters for when to require MFA based on the device's trust and risk conditions.</p> <p>MDM can distribute and enforce these MFA requirements by integrating with the organization<span dir="RTL">'</span>s identity and access management (<a href="https://www.techtarget.com/searchsecurity/definition/identity-access-management-IAM-system">IAM</a>) platform during enrollment and device compliance checks. This approach aligns mobile authentication with the broader zero-trust and IAM strategy.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Enable data loss prevention policies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Enable data loss prevention policies</h2> <p>Users rely on multiple apps on their mobile devices to get work done, so IT admins must ensure any corporate data is not copied to, or accessed from, unmanaged or untrusted applications. App protection and <a href="https://www.techtarget.com/searchdatamanagement/tip/Steps-to-create-a-data-loss-prevention-policy">DLP policies</a> can prevent corporate data from being saved locally to the device storage or exported to personal locations. IT admins can also restrict data transfer -- for example, the <i>Open in</i> or <i>Share</i> options -- to only approved or managed apps, and limit specific capabilities such as copy, paste, download or local file export. Figure 2 shows an example of these settings for an Android device with a work profile.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2.jpg 1280w" alt="Work profile device controls." data-credit="Michael Goad" height="438" width="558"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Capabilities that IT admins can limit on personally owned devices with a work profile. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Platforms such as Microsoft Intune can even <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-use-Intune-app-protection-without-MDM-enrollment">apply app protection policies to Microsoft apps</a> without requiring admins to enroll devices in an MDM. For devices enrolled in an organization's MDM, the MDM is the mechanism to create and enforce these security restrictions to ensure data loss protection.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Set corporate and BYOD remote lock, device wipe policies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Set corporate and BYOD remote lock, device wipe policies</h2> <p>What happens if an employee loses a device or leaves the company? Every business should develop a corporate-owned and <a href="https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy">BYOD policy</a> to handle device loss and data wipes.</p> <p>Under this type of policy, whenever a mobile device is lost or stolen, the organization can take actions to secure data, including a data wipe, reset or device lock.</p> <p>This type of policy gets messy with BYOD environments; not every user likes the idea of giving IT this type of control over their devices. However, both Google and Apple have addressed this issue with capabilities in their platforms. On Apple devices, User Enrollment limits what an MDM platform can do on a personal iPhone or iPad, focusing management on the work container. For Android devices, Google's <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-create-a-work-profile-on-Android-devices">Android Enterprise work profile feature</a> enables users to keep work and personal apps and data distinct from each other. Each profile is entirely separate; the organization manages the work apps and data, while the end user's apps, data and usage remain untouched. This restricts invasive management tasks, such as factory resets.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f.png 1280w" alt="What MDM can and can't see on Apple and Android devices." data-credit="Informa TechTarget" height="297" width="560"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="5. Enable remote access management and monitoring"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Enable remote access management and monitoring</h2> <p>Remote access management lets IT troubleshoot and control devices remotely, without physical access. Monitoring uses centralized dashboards to provide real-time visibility into compliance, OS version, security status and other indicators of device posture, such as location, usage and threats.</p> <p>These capabilities support enterprise security by enabling rapid incident response. IT can lock geofenced devices, quarantine threats or remotely wipe lost assets.</p> <p>Implementation requires strong security measures to protect sensitive data and ensure functionality. Use secure channels with Transport Layer Security encryption, certificate authentication and MFA for admins. Cross-platform support must cover iOS, Android, Windows and macOS. Role-based access control (RBAC) limits admin access to sensitive actions, reducing the risk of accidental or unauthorized changes, such as wiping devices or locking them remotely. Security information and event management (<a href="https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM">SIEM</a>) systems integrate with remote access tools to monitor and log security events, detect anomalies and provide real-time alerts about potential threats. Together, these measures ensure that remote access management is secure and effective across devices.</p> <p>Other best practices include the following:</p> <ul class="default-list"> <li>Enforce the principle of least privilege for admin access.</li> <li>Automate alerts for noncompliance or jailbreak detection.</li> <li>Be transparent about <a href="https://www.techtarget.com/searchmobilecomputing/tip/What-can-organizations-do-to-address-BYOD-privacy-concerns">BYOD privacy</a> and monitor only corporate data.</li> <li>Set up regular compliance reporting for audits.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="6. Keep BYOD and corporate devices updated"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Keep BYOD and corporate devices updated</h2> <p>Keeping devices updated isn't an easy task, but it's extremely important. Mobile devices are a growing target for malware and other attacks, and one of the best ways to fight against that is to ensure that all managed devices are fully up to date.</p> <p>There are plenty of different approaches IT admins can take to keep devices updated in a timely manner. Asking users to implement updates is a simple approach, but it's not always a successful one. A better approach is to enforce controls through the MDM. For devices enrolled with an MDM platform, an IT admin can schedule a mobile OS update for all users -- ideally during a low-use time, such as the middle of the night. On corporate-only devices, IT can take that a step further, and the MDM can schedule, download and auto-install the updates.</p> <p>With BYOD environments, it can be a bit trickier. Mobile IT admins can schedule a prompt for the user to download and install the update, but it's still up to the end user to trigger the process. However, there are mechanisms IT can put in place through MDM. One <a target="_blank" href="https://learn.microsoft.com/en-us/intune/intune-service/protect/compliance-policy-create-ios" rel="noopener">mechanism</a> is a compliance policy, which enables admins to create an "if this, then that" automation for devices.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Asking users to implement updates is a simple approach, but it's not always a successful one. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>An example of this would be a compliance policy that targets devices with a specific version of iOS. IT can create an action that would send a notification to a user to update; then, after two days, if that device hasn't updated, an admin can take steps such as quarantine or removal of corporate email and access from the device. These restrictions would remain in place until the user updates the device OS.</p> <p>These compliance policies help keep corporate data safe while also encouraging end users to stay up to date. The same approach applies to Android, ChromeOS and Windows devices, with platform-specific grace periods and remediation actions defined in the organization's MDM policy.</p> </section> <section class="section main-article-chapter" data-menu-title="7. Integrate MDM with other IT and IAM systems"> <h2 class="section-title"><i class="icon" data-icon="1"></i>7. Integrate MDM with other IT and IAM systems</h2> <p>IAM is a system that manages user identities and controls user access. It includes features like SSO and RBAC. Integrating IAM with MDM synchronizes user identity with device compliance for unified security across endpoints.</p> <p>This integration can help enable conditional access, which is critical for effective MDM policy. With conditional access, only MDM-enrolled, compliant devices associated with verified user identities can access corporate email, VPN or SaaS apps. It can also help automate user provisioning and deprovisioning. New hires get compliant devices instantly, offboarded users lose access and corporate data is selectively wiped.</p> <p>Implementation involves API connectors between MDM and IAM platforms. <a href="https://www.techtarget.com/searchmobilecomputing/tip/Understanding-Android-certificate-management">Device certificates</a> and unique identifiers establish trust, while continuous device posture feeds into IAM risk decisions.</p> <p>Beyond IAM, MDM integrates with email servers, SIEM tools and endpoint detection platforms to help provide visibility and automated response across IT systems.</p> </section> <section class="section main-article-chapter" data-menu-title="8. Monitor device compliance and automate with mobile threat defense"> <h2 class="section-title"><i class="icon" data-icon="1"></i>8. Monitor device compliance and automate with mobile threat defense</h2> <p>MDMs provide device-level security controls, but they can lack the ability to detect and prevent attacks from malicious apps, networks and phishing campaigns. To keep mobile data secure, organizations should supplement MDM with mobile threat defense (<a href="https://www.techtarget.com/searchmobilecomputing/definition/Mobile-Threat-Defense-MTD">MTD</a>).</p> <p>MTD platforms detect man-in-the-middle attacks over Wi-Fi, identify suspicious behavior on a device and proactively search for malware, harmful applications and mobile phishing attacks. It can then remediate issues with various methods, such as killing the device's Wi-Fi or cellular connection to prevent further data leakage, or working in tandem with an MDM to quarantine a device. At a high level, an MTD platform can perform the following functions:</p> <ul class="default-list"> <li>Monitor a device's activity to detect cyberattacks in real time.</li> <li>Monitor device applications for suspicious behavior that might leak user data to untrusted sources.</li> <li>Monitor for OS vulnerabilities and kernel exploits.</li> <li>Monitor device networking activity for man-in-the-middle, Secure Sockets Layer (SSL) stripping and SSL decryption attempts.</li> </ul> <p>Together, MTD and MDM platforms provide stronger security for mobile devices and users. MTD threat signals feed MDM compliance policies, automatically marking high-risk devices as noncompliant and blocking corporate access until remediation. This provides continuous threat detection with automated policy enforcement.</p> </section> <section class="section main-article-chapter" data-menu-title="9. Keep your end users informed"> <h2 class="section-title"><i class="icon" data-icon="1"></i>9. Keep your end users informed</h2> <p>IT admins can put as much technology as they want toward fixing a problem, but end users hold the keys to success. It is vital to train end users and keep them informed on current threats and vulnerabilities.</p> <p><a href="https://www.techtarget.com/searchmobilecomputing/tip/Building-mobile-security-awareness-training-for-end-users">Mobile security training</a> should emphasize the importance of updates, recognizing phishing attempts, using MFA and securing devices on public Wi-Fi. This empowers users to make security-conscious decisions that protect both personal and corporate data.</p> <p>Helping end users understand the importance of updates -- and how they can affect corporate data -- should help them make the right decisions related to device security.</p> <p><b>Editor's note:</b> <i>This article was originally written by Michael Goad and updated by Sean Michael Kerner to improve the reader experience.</i></p> <p><i>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</i></p> <p><i>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</i></p> </section> Organizations can't deploy mobile devices without accounting for their management complexity. IT should follow these nine best practices to manage mobile devices in the enterprise. https://cdn.ttgtmedia.com/visuals/searchWindowsServer/op_systems_microsoft_apps/windowsserver_article_011.jpg https://www.techtarget.com/searchmobilecomputing/feature/7-mobile-device-security-best-practices-for-businesses Mon, 16 Mar 2026 16:03:00 GMT 9 mobile device management best practices for businesses <p>One of the most vital tasks for any data center is environmental monitoring and management. High temperatures and humidity levels can damage IT equipment, leading to failures. Such conditions can also create discomfort for personnel working inside the data center.</p> <p>Fortunately, many systems and technologies can help monitor and manage data center cooling to maintain optimal <a href="https://www.techtarget.com/searchdatacenter/tip/Data-center-temperature-and-humidity-guidelines">temperature and humidity levels</a>.</p> <section class="section main-article-chapter" data-menu-title="What is data center cooling?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is data center cooling?</h2> <p>Data centers consume a lot of power, which generates heat. The more equipment in a facility, the more heat it generates. Data center cooling involves the tools, systems, techniques and processes used to maintain ideal temperatures and humidity levels inside a data center.</p> <p><a href="https://www.techtarget.com/searchdatacenter/tip/How-to-calculate-data-center-cooling-requirements">Proper data center cooling</a> ensures the entire facility has sufficient ventilation, humidity control and cooling to keep all equipment within the desired temperature ranges.</p> </section> <section class="section main-article-chapter" data-menu-title="Why is data center cooling important?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why is data center cooling important?</h2> <p>High temperatures and humidity levels are undesirable conditions for IT and electrical equipment. Most IT devices and equipment generate heat and need to get rid of it quickly to avoid performance degradation.</p> <p>Facilities and equipment setups should be designed to minimize excess heat and humidity because these conditions can damage devices and equipment, causing them to malfunction or stop working. Worse, damaged equipment increases the facility's fire risk and other safety issues for on-site staff. These risks raise operational costs, as equipment must be repaired or replaced more often.</p> <p>As most data centers run ASHRAE Class A1 and A2 equipment, facility managers must ensure their cooling systems are up to the task. The need to buy additional or up-to-date equipment to meet cooling requirements explains why the global cooling market will grow by nearly <a href="https://www.astuteanalytica.com/industry-report/data-center-cooling-market" target="_blank" rel="noopener">14% annually</a> until 2033, according to Astute Analytica.</p> <p>The U.S. cooling market alone is expected to reach <a href="https://www.researchandmarkets.com/reports/5311271/u-s-data-center-cooling-market-landscape-2024" target="_blank" rel="noopener">$8.24 billion</a> in spending by 2029, according to Research and Markets.</p> </section> <section class="section main-article-chapter" data-menu-title="How does data center cooling work?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does data center cooling work?</h2> <p>Data center cooling transfers heat away from equipment and the air, replacing it with cooler air. This is typically done in one of several ways:</p> <ul type="disc" class="default-list"> <li>Airflow strategies to maximize the removal of hot air and circulation of colder air, such as <a href="https://www.techtarget.com/searchdatacenter/definition/hot-cold-aisle">hot and cold aisle</a> design, raised-floor cool air delivery, <a href="https://www.techtarget.com/whatis/definition/adiabatic-cooling">adiabatic cooling</a> that uses air pressure differentials to regulate temperatures, such as <a href="https://www.techtarget.com/searchdatacenter/definition/free-cooling">free cooling</a></li> <li>Equipment cooling options that aim to cool directly onto hot components, such as direct-to-chip liquid cooling, immersion cooling, rear-door heat exchangers and microchannel heat exchangers. </li> <li>Cooling or heating the facility to the highest recommended temperature and replacing equipment once it fails. Using this heat-cooling, or close-coupled cooling, method can be cheaper, as it might cost significantly less than equipment replacement.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Current data center cooling systems and technologies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Current data center cooling systems and technologies</h2> <p>Air and liquid cooling are two of the most popular data center cooling methods, each with several approaches.</p> <h3>Air cooling</h3> <p>Air cooling has been the standard for data centers since nearly the beginning. It is a well-understood technology and strategy, and when combined with other options such as raised floors and hot- and cold-aisle designs, it can be adequate for smaller facilities or those handling typical workloads. </p> <p>In a raised-floor setup, when the computer room AC (<a href="https://www.techtarget.com/searchdatacenter/definition/computer-room-air-conditioning-unit">CRAC</a>) unit or computer room air handler (<a href="https://www.techtarget.com/searchdatacenter/definition/computer-room-air-handler-CRAH">CRAH</a>) sends cold air, the pressure below the raised floor increases, forcing the cold air into the equipment inlets. The cold air displaces the hot air, which is then returned to the CRAC or CRAH, where it's cooled and recirculated.</p> <p>In-row cooling units offer a more focused approach by placing them closer to the heat sources, improving cooling efficiency and response times to alerts or monitoring system changes. </p> <p>A CRAH is more efficient than a CRAC, as it draws outside air in and cools it using chilled water instead of refrigerant. A CRAC functions like a residential AC unit, using refrigerants to cool the air. CRAC units are better suited to small data center closets because they can't keep up with the demands of enterprise-level data centers.</p> <h3>Hot and cold aisle layouts</h3> <p>With this air-based cooling strategy, <a href="https://www.techtarget.com/searchdatacenter/tip/Avoid-common-server-racking-issues">server cabinets and racks are arranged</a> in rows, with each row facing the opposite direction from the one in front. The <a href="https://www.techtarget.com/searchdatacenter/tip/Explore-hot-and-cold-aisle-containment-for-your-data-center">hot and cold air aisles increase the efficiency</a> of the cooling systems by enabling more targeted placement of intake and exhaust vents. Hot air is vented from the hot aisle, and cool air is pumped through the cold aisle. This prevents hot and cold air from mixing, allowing the cooling system to work more efficiently.</p> <p>Add doors, walls or partitions to the layout to further direct airflow for hot and cold aisles. <a href="https://www.techtarget.com/searchdatacenter/tip/How-to-understand-advancements-in-modern-data-centers">Cabinets should be as full as possible</a> to avoid the empty spaces, gaps and cable openings that can leak hot or cold air into the opposite aisle, causing the cooling system to work overtime.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/data_center_with_hot_and_cold_aisles-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/data_center_with_hot_and_cold_aisles-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/data_center_with_hot_and_cold_aisles-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/data_center_with_hot_and_cold_aisles-f.png 1280w" alt="Diagram of a data center set up for hot and cold aisle cooling." height="450" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This diagram illustrates how hot and cold air circulates to maintain optimal temperature levels in the data center. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Liquid cooling</h3> <p>Liquid cooling options are evolving as server workloads and density increase, especially with AI workloads. They are more efficient than air cooling because they transfer heat more effectively from the hottest components in the equipment. <a href="https://www.techtarget.com/searchdatacenter/tip/Liquid-and-dry-cooling-in-a-water-stressed-world">Liquid cooling</a> is more cost-effective because it can be installed directly on the devices that need it the most. It can also support greater equipment densities and items that generate higher-than-average heat, such as high-density and edge-computing data centers.</p> <p>There are two main types of liquid cooling:</p> <ol type="1" start="1" class="default-list"> <li><b>Direct-to-chip liquid cooling.</b> This method uses flexible tubes to deliver nonflammable <a href="https://www.datacenterknowledge.com/data-center-chips/direct-to-chip-cooling-everything-data-center-operators-should-know">dielectric fluid directly to the processing chip</a> or motherboard component that generates the most heat, such as the CPU or GPU. The fluid absorbs the heat by turning it into vapor, which carries the heat out of the equipment through the same tube.</li> <li style="text-align: left;"><b>Liquid immersion cooling.</b> This method <a href="https://www.techtarget.com/searchdatacenter/feature/Liquid-coolings-moment-comes-courtesy-of-AI">places the entire electrical device into dielectric fluid</a> in a closed system. The fluid absorbs the heat emitted by the device, turns it into vapor and condenses it, helping the device cool down.</li> </ol> <p>An additional cooling method is rear-door heat exchangers (RDHx). This method is typically combined with liquid cooling and adds a specialized door at the rear of server racks to chill the hot air expelled by the servers. At the same time, coolant transports the absorbed heat to a secondary cooling system. It can be passive RDHx, where the expelling airflow is generated by the server's internal fans, or active RDHx, where fans are added to the racks to assist in pulling exhaust air out of the racks and through the secondary cooling system. </p> <h3>Secondary cooling system equipment</h3> <p>Beyond the main cooling systems and options, there are other systems and equipment needed to ensure a reliable and efficient cooling system, including:</p> <ul type="disc" class="default-list"> <li><b>Sensors</b>. Temperature, humidity and airflow.</li> <li><b>Monitoring applications</b>. <a href="https://www.techtarget.com/searchdatacenter/feature/A-close-look-at-DCIM-software-and-the-broad-vendor-options">Alerting software</a> or modules that provide real-time feedback to data center operators before issues happen.</li> <li><b>Ducting systems and other physical equipment</b>. Properly maintained ducting, heat exhaust/ingestion vents, hoses, raised floors and server racks are all necessary to preserve the cooling system's integrity, efficiency and uptime.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Importance of energy efficiency in data center cooling"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Importance of energy efficiency in data center cooling</h2> <p>Cooling systems should be part of a data center's overall energy-efficiency strategy. As hyperscale and AI-driven workloads increase, data center facilities will face ever-increasing energy bills, reaching nearly <a href="https://mitsloan.mit.edu/ideas-made-to-matter/ai-has-high-data-center-energy-costs-there-are-solutions" target="_blank" rel="noopener">21% of global energy</a> demand by 2030, according to MIT Sloan School of Management.</p> <p>Ensuring the facility's infrastructure, such as HVAC and power systems, is in good repair is a good first step. Next, operators can review the IT hardware they use to ensure it remains optimally functioning. Replacement and sunsetting processes can help by introducing more modern, efficient technologies as needed.</p> <p>Exploring new cooling technologies is another way to manage energy efficiency. New and evolved technologies, such as free cooling and liquid cooling systems, can greatly reduce cooling needs and <a href="https://www.techtarget.com/searchdatacenter/tip/Four-ways-to-reduce-data-center-power-consumption">increase energy consumption efficiency</a> across the facility.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f.png 1280w" alt="Diagram of an energy-efficient data center." height="487" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Data centers are using technology such as energy-efficient HVAC systems and equipment racks with cooling systems to manage energy consumption. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Future data center cooling systems and technologies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Future data center cooling systems and technologies</h2> <p>Although liquid cooling is still relatively new, other data center cooling technologies are on the horizon, such as geothermal cooling methods, smart technologies that use AI and machine learning to better monitor and manage cooling, and evaporative cooling.</p> <h3>Striving for carbon-neutral data center cooling</h3> <p>Here are some ways data centers can use nature to cool their facilities:</p> <ul type="disc" class="default-list"> <li><a href="https://www.techtarget.com/whatis/definition/geothermal-cooling">Geothermal cooling</a> uses the near-constant temperature of the Earth's crust to provide cooling. It's a centuries-old idea, once used to keep food cold, adapted to our modern era. In data centers, geothermal cooling uses a closed-loop piping system with water or another coolant that runs through underground vertical wells filled with a heat-transfer fluid. Iron Mountain's western Pennsylvania data center, Verne Global in Iceland and Green Mountain in Norway <a href="https://www.techtarget.com/searchdatacenter/tip/The-pros-and-cons-of-geothermal-energy-use">use geothermal</a> cooling.</li> <li>Evaporative cooling, or swamp cooling, takes advantage of the drop in temperature that occurs when water is exposed to moving air and begins to vaporize and change to a gas. A fan draws warm data center air through a water- or coolant-moistened pad, and as the liquid evaporates, the air is chilled and returned to the data center. It can cost a fraction of an air-cooled HVAC system and works best in low-humidity climates.</li> <li>Solar cooling converts heat from the sun into cooling that can be used in data center air cooling systems. The system collects solar power and uses a thermally driven cooling process to lower the building's air temperature. This is useful in areas with a lot of sunlight or for data centers looking to supplement their current cooling with a more environmentally friendly method.</li> <li>Kyoto Cooling is an enhancement of the free-cooling method that uses a thermal wheel to control airflow between hot and cold zones in the data center. Internal hot air is vented to the outside as the wheel rotates. The outside air then cools the wheel and the air that is drawn back into the facility. It uses between 75% to 92% less power to run than other CRAH systems, reduces carbon dioxide emissions and eliminates the need for water in the cooling system. The technology is used by United Airlines' data center outside Chicago and by HP's data center outside of Toronto.</li> </ul> <h3>Making data center cooling smarter</h3> <p>Because many newer data center cooling technologies require significant investment from facility owners, smart technology has become popular. Data center smart assistants, AI and machine learning technologies can <a href="https://www.techtarget.com/searchdatacenter/answer/How-can-I-build-AI-capabilities-for-the-data-center">monitor facilities more efficiently</a> and make real-time adjustments to ensure optimal temperatures and humidity levels. Google, for example, uses smart temperature controls to reduce heat output and cooling usage.</p> <p>Data center cooling robots can move within the facility, monitoring temperatures and humidity levels in specific server cabinets. One challenge with manually monitoring cabinet temperatures is that conditions change as soon as the cabinet is opened. Companies such as OneNeck IT Solutions have developed a robot sensor probe that fits into standard cabinets. The robot moves up and down a belt-driven rail inside the cabinet to collect temperature data for each rack. It then transmits the data using Bluetooth to connected devices so data center pros can create a full heat map of the cabinet.</p> <h3>Improving heat exchange technology</h3> <p>Most technology includes a heat exchange feature, and as data centers handle increasing computer workloads, this technology is improving too. Server microchannel heat exchangers are evolving to use larger channels and different fluids, enabling more efficient heat transfer. They also use less cooling refrigerant than traditional exchange options, increasing their overall performance.</p> <p>Data center demand will only increase, so facility owners and their customers must look to more efficient, cost-effective cooling solutions -- whether that's less environmentally harmful options, such as geothermal and free cooling, or investing in and combining newer technologies, such as liquid immersion cooling for high-powered servers.</p> <p><b>Editor's note:</b> This article was updated in March 2026 to reflect new statistics, data center cooling practices and to enhance the reader's experience.</p> <p><em>Julia Borgini is a freelance technical copywriter, content marketer, content strategist and geek. She writes about B2B tech, SaaS, DevOps, the cloud and other tech topics.</em></p> </section> Extreme heat and cold can keep equipment from operating at peak efficiency. Explore cost-efficient and cost-effective cooling technologies and smart options for your facility. https://cdn.ttgtmedia.com/rms/onlineimages/storage_g1197646065.jpg https://www.techtarget.com/searchdatacenter/tip/Data-center-cooling-systems-and-technologies-and-how-they-work Mon, 16 Mar 2026 14:45:00 GMT Data center cooling systems and technologies and how they work <p><a href="https://www.gov.uk/government/organisations/companies-house" target="_blank" rel="noopener">Companies House</a>, the UK’s business registrar, has successfully rebooted its online WebFiling service after it emerged that a previously-unknown cyber security issue exposed various data on companies and people associated with them to other logged-in users.</p> <p>The flaw – which appears to have arisen during a WebFiling update last year – was never accessible to the general public and only logged-in users in possession of an authorised code could have exploited it, Companies House pulled WebFiling offline at lunchtime on Friday 13 March in order to investigate and remediate.</p> <p>Companies House found the data exposed included dates of birth, residential addresses and company addresses. It also discovered that it may have been possible for people to make unauthorised actions – such as changing directors or even filing accounts.</p> <p>It stressed that no credentials or data used for identity verification such as passport information, and neither could any existing filed documents have been altered.</p> <p>Companies House chief executive Andy King said: “We are asking all companies to check their registered details and filing history to make sure everything appears correct. If a company has a concern, please <a href="https://www.gov.uk/government/organisations/companies-house/about/complaints-procedure" target="_blank" rel="noopener">raise a complaint</a> and include evidence to describe the concern.</p> <p>“I recognise that this incident will have caused concern and inconvenience to many of the companies and individuals who rely on our services. I am sorry for that.</p> <p>“Companies House takes its responsibility to protect the data entrusted to us extremely seriously. We have taken swift action to secure and restore our service, and are committed to doing everything in our power to support those affected and to making sure that our services continue to merit the trust placed in them,” said King.</p> <p>The incident has been reported to both the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC). King said that the registrar was still actively analysing its data to try to identify any anomalies. He added: “If we find evidence that anyone has used this issue to access or change another company’s details without authorisation, we will take firm action.”</p> <section class="section main-article-chapter" data-menu-title="Simple vulnerability"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Simple vulnerability</h2> <p>The issue was first reported to Companies House by Dan Neidle, of non-profit thinktank <a href="https://taxpolicy.org.uk/" target="_blank" rel="noopener">Tax Policy Associates</a>, on behalf of John Hewitt, operations director at <a href="https://ghostmail.co.uk/" target="_blank" rel="noopener">Ghost Mail</a>, a provider of mailing address services.</p> <p>Writing online Neidle said the vulnerability was “incredibly simple” to exploit. All a logged-in user needed to do was click through the ‘file for another company’ option – which would usually prompt for an authentication code to stop unauthorised access. However, if the logged-in user hit their backspace key a few times they would be sent back not to their own dashboard, but to the ‘target’ company’s.</p> <p>Neidle said that the two men were able to use the vulnerability to view the private dashboard of another individual – with permission from them – and to successfully modify his own registered address at Companies House. “I was incredulous at what John showed me,” he said.</p> </section> <section class="section main-article-chapter" data-menu-title="Was the bug exploited?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Was the bug exploited?</h2> <p>It is unclear if the bug was ever exploited, but in Companies House’s view it was also highly unlikely that any systematic access to company records or large-scale data exfiltration took place because any access that did occur would have been limited to individual company records, viewed one at a time, by a registered user.</p> <p>Neidle noted that the flaw had been live and exploitable since October 2025, which meant there is a distinct policy that it was discovered by a threat actor. He said that if this had been the case, it was likely used “carefully, selectively and for profit” because broad exploitation would have been swiftly discovered.</p> <p>William Wright, CEO of <a href="https://www.cdsec.co.uk/" target="_blank" rel="noopener">Closed Door Security</a>, said the ability to access and edit company details presented a huge amount of leeway for both explicit and subtle fraud, and had caused serious uncertainty around a system used by the vast majority of UK companies.</p> <p>“Company directors and C-suite are already lucrative targets for phishing and fraudsters: these individuals typically have privileged access in company systems and are privy to sensitive and valuable information,” said Wright.</p> <p>“Being able to acquire details like home addresses, etc. makes targeted attacks like spear phishing against these individuals far more viable and increases the potential for many other kinds of fraud and targeted harassment. This is to mention nothing of the GDPR implications were information to be exposed.”</p> <p>He continued: “That companies’ registration details could also be modified presents obvious problems. Companies can be penalised in various ways for providing inaccurate information when filing, and this can lead in some instances to serious accusations of fraud. The fact details could be modified by anyone without authorisation could raise serious problems for future investigations, especially if there’s any suspicion of tampering.”</p> <p>Wright added that the length of time for which the flaw went undetected also raises more serious questions for Companies House as it suggests the body tasked with providing the public with an single, transparent source of accurate information on British businesses, lacked appropriate auditing, logging or testing procedures that might have spotted it sooner, and without outside help.</p> <p>“If the government and Companies House's current security testing processes were fit for purpose, flaws like this should not have occurred,” said Wright. “Given that many companies are required by law to use these services, basic testing and data protection are absolutely critical, especially if the government wants to retain its credibility with the business community.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about data breaches</h3> <ul class="default-list"> <li>Details of over 70 million customers of US sportswear giant Under Armour were leaked following a supposed ransomware attack <a href="https://www.computerweekly.com/news/366637595/Sportswear-firm-Under-Armour-falls-victim-to-data-breach" target="_blank" rel="noopener">by the Everest gang</a>.</li> <li>Synnovis, the pathology lab services provider hit by a Qilin ransomware attack in 2024, is notifying its NHS partners that their patient data was compromised, <a href="https://www.computerweekly.com/news/366634454/Synnovis-to-notify-NHS-of-data-breach-after-nearly-18-months" target="_blank" rel="noopener">following a lengthy investigation</a>.</li> <li>Many more data breaches at the MoD's Arap programme to relocate at-risk Afghan citizens to Britain have emerged <a href="https://www.computerweekly.com/news/366629784/Scale-of-MoD-Afghan-data-breaches-widens-dramatically" target="_blank" rel="noopener">following an FoI request by BBC journalists.</a></li> </ul> </div> </div> </section> Companies House was forced to pull its WebFiling service offline at the weekend after it emerged that a flawed update was putting data at risk of exposure. https://cdn.ttgtmedia.com/visuals/German/article/Data-breach-hacker-adobe.jpg https://www.computerweekly.com/news/366640295/Companies-House-restarts-online-services-following-cyber-breach Mon, 16 Mar 2026 14:35:00 GMT Companies House restarts online services following cyber breach <div class="extra-info"> <div class="extra-info-inner"> <h2>Executive Summary</h2> <ul class="default-list"> <li><b>Financial disruptions become operational crises fast.</b> The SVB collapse showed how quickly payroll systems, payment platforms and vendor integrations can stall when banking access is cut off.</li> <li><b>Technology leaders now play a role in financial resilience.</b> CIOs must help map financial dependencies, monitor risk signals and ensure systems that move money remain operational.</li> <li><b>Resilience requires redundancy and visibility.</b> Diversified banking relationships, real time financial data and crisis simulations help prevent single points of failure.</li> </ul> </div> </div> <p>On March 10, 2023, <a href="https://www.techtarget.com/whatis/feature/Silicon-Valley-Bank-collapse-explained-What-you-need-to-know">Silicon Valley Bank collapsed</a> after depositors withdrew $42 billion in a single day. At the time of the collapse, the bank held $209 billion in assets and ranked as the 16th-largest in the U.S. It failed not because its portfolio was worthless, but because rising interest rates had eroded the market value of its long-duration bond holdings, and its venture-capital-heavy deposit base moved faster than management could respond.</p> <p>U.S. regulators moved quickly to contain the fallout. On March 12, 2023, the Treasury Department, the Federal Reserve and the FDIC invoked the systemic risk exception, guaranteeing all SVB deposits beyond the $250,000 FDIC limit. The Federal Reserve simultaneously launched the Bank Term Funding Program to shore up liquidity at other institutions and prevent wider contagion. The intervention ultimately stabilized the system, but it was not guaranteed to do so. In the critical window after the bank's failure, many companies that relied on SVB for payroll and operational liquidity temporarily lost access to their funds.</p> <p>"What made the failure exceptional was velocity," Rishabh Shah, chief technology and innovation officer for financial services at Capgemini, said. "Once concerns circulated among interconnected depositors, billions in withdrawal requests arrived within hours, outpacing any manual intervention or escalation process the bank had in place."</p> <p>Three years after the SVB bank failure, the concentration risks, liquidity gaps and contingency planning failures SVB exposed remain largely unaddressed.</p> <section class="section main-article-chapter" data-menu-title="Lessons learned by businesses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Lessons learned by businesses</h2> <p>The SVB collapse produced clear lessons about cash management, banking concentration and crisis preparedness. Three years on, most businesses have yet to act on them.<b><br><br></b>The FDIC limit is a real constraint</p> <p>According to Ampersand's 2025 <a href="https://trustampersand.com/the-ampersand-2025-cfo-cash-confidence-report/" target="_blank" rel="noopener">Cash Confidence Survey</a>, 86% of corporate financial decision-makers carry more than $250,000 at a single bank. The same survey found that companies could operate for an average of less than three months if their primary bank failed.</p> <p>"The lesson of 2023 was not that banks can fail. We already knew that," CEO of Ampersand Kelly Brown said. "The real lesson is whether businesses are finally willing to treat cash as king and protect it accordingly."</p> <p>Despite knowing the FDIC limit, most businesses have not restructured their deposits accordingly. Brown said deposit management remains an afterthought for most companies, crowded out by growth and operational priorities.</p> <h3>Concentration risk extends beyond capital</h3> <p>Most organizations assume multiple vendor relationships mean diversification. Manish Jain, principal research director at Info-Tech Research, said SVB proved otherwise.</p> <p>"Most companies still think they have many partners, but when trouble arrives, they discover they've really been banking on just one," Jain said. He drew a direct parallel to cloud infrastructure, noting that organizations with <a href="https://www.techtarget.com/searchcio/feature/AWS-cloud-outage-reveals-vendor-concentration-risk">single cloud providers had seen the same pattern</a> when AWS, Microsoft or <a href="https://www.techtarget.com/whatis/feature/Explaining-the-largest-IT-outage-in-history-and-whats-next">CrowdStrike went down</a>.</p> <h3>Bank monitoring must be continuous</h3> <p>SVB's problems were visible in its balance sheet well before the run began. Shah said periodic board reviews and quarterly stress tests are designed for a slower-moving system and are insufficient when liquidity can drain in a single business day. Effective banking risk management now requires ongoing monitoring of counterparty health, deposit concentration and interest rate exposure.</p> <h3>Digital-age bank runs outpace traditional playbooks</h3> <p>The speed of SVB's collapse was unlike anything the banking industry had seen. Businesses that lacked pre-established backup banking relationships and clear fund transfer protocols discovered those gaps within hours of the collapse.</p> <p>"The SVB crisis was the fastest run on a bank, amplified by digital infrastructure and social networks," Jain said.</p> </section> <section class="section main-article-chapter" data-menu-title="Exposures that make businesses susceptible to losses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Exposures that make businesses susceptible to losses</h2> <p>The SVB collapse surfaced vulnerabilities that remain common across businesses today. Four stand out.</p> <ul class="default-list"> <li><b>Uninsured deposits risk. </b>The $250,000 FDIC limit applies per depositor, per institution, per account ownership category. "Many businesses still keep large deposits at a single institution, often well above FDIC insurance limits," Brown said.</li> <li><b>Insufficient contingency planning.</b> Most businesses run technology disaster recovery simulations, but few run the equivalent for a banking failure scenario.</li> <li><b>VC over-dependence</b>. Businesses with both operating accounts and VC relationships at SVB had no fallback when access to their accounts was cut off. Without alternative revenue streams or liquidity buffers, exposure was total.</li> <li><b>Banking concentration risk</b>. Specialized banks offer attractive services but can lack the diversification of larger institutions. Jain said the SVB episode showed how dangerously concentrated operational dependencies can become, whether the dependency is a bank, a payment rail or a cloud platform.</li> </ul> <p>"When SVB failed, companies realized within hours that a financial issue could quickly become an operational one," Melanie Quandt, senior director of trust and safety at Highspring, said.</p> <p>Quandt added that recent stress in private credit markets and rapid capital flows into AI infrastructure echo conditions that preceded SVB's failure, a reminder that financial cycles can shift fast.</p> </section> <section class="section main-article-chapter" data-menu-title="The role of CIOs and IT leaders in financial resilience"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The role of CIOs and IT leaders in financial resilience</h2> <p>Financial resilience is no longer purely a finance function. CIOs have a direct role, both in keeping systems operational during a crisis and in spotting risk before it becomes one.</p> <h3>Operational continuity is the CIO's mandate in a crisis</h3> <p>While the SVB incident was a financial one, it also affected CIOs.<br><br>"The CFO manages capital and liquidity strategy, but the CIO ensures the digital infrastructure that moves money, such as payroll systems, payment platforms, vendor integrations and cloud environments, remains stable and accessible," Quandt said.<br><br>Jain went a step further, emphasizing the critical nature of the situation for a CIO.</p> <p>"When the money stops moving, the systems stop breathing, and that's when CIOs, like their executive peers, must become the emergency room doctors for the business," Jain said.</p> <h3>Technology is a core tool for financial risk management</h3> <p>Organizations that cannot see their financial data in real time cannot respond to risk in real time. That gap is precisely what made SVB's failure so damaging to its depositors.</p> <p>"In most organizations, data is still trapped in silos, processed in batch cycles, and often requires significant manual enrichment. Information moves faster outside an enterprise than within it," Shah said.</p> <h3>Cybersecurity risk spikes during financial crises</h3> <p>Both Quandt and Jain noted that financial disruptions trigger increases in phishing, payment fraud and account takeover attacks. Brown specifically pointed to <a href="https://www.techtarget.com/searchsecurity/feature/AI-powered-attacks-What-CISOSs-need-to-know-now">AI-driven fraud</a>, including deepfakes used to attempt payment fraud or to <a href="https://www.techtarget.com/searchcio/tip/How-executives-can-counter-AI-impersonation">impersonate executives</a>. The systems that move money become a target precisely when organizations are most distracted.</p> </section> <section class="section main-article-chapter" data-menu-title="Actionable strategies to mitigate financial exposures"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Actionable strategies to mitigate financial exposures</h2> <p>Three years of inaction have a cost. CIOs who move now on financial resilience have a clear playbook to follow.</p> <ul class="default-list"> <li><b>Map how money moves</b>. Treat financial dependencies like technology architecture -- inventory every banking relationship, payment rail, payroll system and vendor integration before a crisis forces the audit. "If you don't know how and where your money flows, you're just hoping it flows somehow," Jain said. He also recommended running financial crisis simulations alongside standard disaster recovery tests.</li> <li><b>Build redundancy into the financial stack.</b> Visibility into dependencies is step one. Eliminating single points of failure is step two. Quandt said resilience then becomes a design decision: diversify banking relationships, strengthen identity and access controls and implement monitoring across financial workflows.</li> <li><b>Apply rigorous treasury management strategies</b>. A single banking relationship, no matter how established, is not a treasury strategy. "You can't just trust a big name. You need multiple backup providers, regular stress tests and alternative liquidity sources," said Jerry Shu, co-founder and CTO of Daylit. He also recommended building a peer network to compare real-world performance, since financial tools rarely deliver in practice what they promise in sales conversations.</li> <li><b>Prepare a financial crisis playbook. </b>Define communication protocols for financial emergencies, establish clear decision-making authority when fund access is interrupted and ensure rapid fund transfer capabilities can be executed in hours. Brown said CIOs should also participate in leadership-level reviews of cyber and crime insurance coverage.</li> <li><b>Verify FDIC coverage.</b> Most businesses assume their deposits are covered. The details matter more than the assumption. Confirm limits across all corporate accounts by institution and account category. Excess FDIC insurance products and reciprocal deposit arrangements are available for businesses that need coverage beyond $250,000. The FDIC's <a href="https://www.fdic.gov/resources/resolutions/bank-failures/" target="_blank" rel="noopener">Business and Industry resources</a> and the Financial Stability Oversight Council's <a href="https://home.treasury.gov/policy-issues/financial-markets-financial-institutions-and-fiscal-service/fsoc/studies-and-reports" target="_blank" rel="noopener">annual reports</a> offer additional guidance on bank failure protection and business deposit protection.</li> <li><b>Conduct regular risk assessments.</b> Point-in-time reviews are not adequate for risks that can materialize in hours. Shah argued that automated monitoring is the foundation -- continuous evaluation of deposit concentration, liquidity coverage ratios and duration mismatch removes reliance on periodic assessments. Structured human reviews remain necessary to ensure leadership acts on what systems detect.</li> <li><b>Build a culture of financial awareness</b>. Financial risk cannot be managed only within finance."Organizations that treat resilience as an ongoing governance practice rather than a reaction to crisis tend to navigate economic cycles much more effectively," Quandt said.</li> </ul> <p><i>This article is not financial advice. Readers should consult qualified financial and legal advisors for guidance specific to their organization.</i></p> <p><i>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</i></p> </section> The Silicon Valley Bank collapse revealed financial and operational risks for businesses. Three years later, CIOs still play a critical role in strengthening resilience. https://cdn.ttgtmedia.com/rms/onlineimages/money_g522019766.jpg https://www.techtarget.com/searchcio/feature/Silicon-Valley-Bank-collapse-Lessons-three-years-later Mon, 16 Mar 2026 14:26:00 GMT Silicon Valley Bank collapse: Lessons three years later <p>While the goal of every team is to keep possession, they often must hold the line, defend the goal and mount a comeback to win the game.</p> <p>This is as true in cybersecurity as it is in sports.</p> <p>Take high-profile events such as the Olympics or World Cup, for example. History has shown that these events, which draw billions of viewers, are ripe targets for the offense: cyberattackers.</p> <p>Past events have been marred by <a href="https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users">phishing attacks</a>, malware-ridden apps, fake social media accounts and spoofed domains, as well as DDoS attacks, hacktivism, state-sponsored attacks and infrastructure disruptions. The opening ceremony of the PyeongChang 2018 Olympics, for example, was notably <a target="_blank" href="https://www.darkreading.com/cyberattacks-data-breaches/cyberattack-aimed-to-disrupt-opening-of-winter-olympics" rel="noopener">disrupted</a> by the Olympic Destroyer malware, which targeted Wi-Fi networks, ticketing systems and broadcasting infrastructure. The Milano Cortina 2026 Olympics were no exception. Italy confirmed it blocked a series of cyberattacks targeting its foreign ministry offices, Olympics websites and hotels in the Cortina d'Ampezzo area days before the games opened.</p> <p>Yet history has also shown that defense wins championships -- a defense built by training consistently, keeping strategies sharp and warming up before the big event. In cybersecurity, this means preparing for when, not if, a cyberattack will occur -- i.e., having effective <a href="https://www.techtarget.com/searchsecurity/definition/What-is-risk-management-and-why-is-it-important">risk management</a> and <a href="https://www.techtarget.com/searchsecurity/definition/incident-response">incident response</a> programs in place.</p> <p>In this Reporters' Notebook video, Tara Seals, managing editor of news at Dark Reading, David Jones, reporter at Cybersecurity Dive, and Sharon Shea, executive editor of TechTarget SearchSecurity, discussed the prevalence of cyberattacks on global events and how the challenges these events face are the same as those of everyday organizations.</p> <p>Watch now for insights on Dark Reading's and Cybersecurity Dive's coverage of global event cybersecurity, as well as the risk management and incident response lessons CISOs from organizations of all shapes and sizes can learn from such attacks, from <a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">preparing an incident response plan</a> to <a href="https://www.techtarget.com/searchsecurity/tip/Phases-of-the-third-party-risk-management-lifecycle">managing third-party risks</a>.</p> <p>And remember, as nine-time Olympic swimmer Mark Spitz said, "If you fail to prepare, you're prepared to fail."</p> <p>For more coverage on cyberattacks on large events:</p> <ul class="default-list"> <li><a target="_blank" href="https://www.darkreading.com/remote-workforce/winter-olympics-podium-cyberattackers" rel="noopener">Cyber threats loom over 2026 Winter Olympics</a></li> <li><a target="_blank" href="https://www.darkreading.com/cybersecurity-operations/crowds-drones-world-cup-cyber-challenges" rel="noopener">2026 FIFA World Cup poses significant cyber challenges</a></li> <li><a target="_blank" href="https://www.darkreading.com/cyberattacks-data-breaches/trial-ddos-attacks-on-french-sites-portend-greater-olympics-threats" rel="noopener">'Trial' DDoS attacks on French sites portend greater Olympics threats</a></li> <li><a target="_blank" href="https://www.darkreading.com/threat-intelligence/russia-cyber-operations-summer-olympics" rel="noopener">Russia aims cyber operations at Summer Olympics</a></li> <li><a target="_blank" href="https://www.darkreading.com/vulnerabilities-threats/paris-olympics-cybersecurity-at-risk-via-attack-surface-gaps" rel="noopener">Paris Olympics cybersecurity at risk via attack surface gaps</a></li> <li><a target="_blank" href="https://www.cybersecuritydive.com/news/cisa-secure-our-world-super-bowl/707119/" rel="noopener">CISA blitzes Super Bowl with cyber campaign as businesses fumble security</a></li> </ul> <p>For more on risk management and incident response best practices:</p> <ul class="default-list"> <li><a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">How to build an incident response plan, with examples, template</a></li> <li><a href="https://www.techtarget.com/searchsecurity/tip/Incident-response-How-to-implement-a-communication-plan">Incident response: How to create a communication plan, with template</a></li> <li><a href="https://www.techtarget.com/searchsecurity/tip/How-to-conduct-incident-response-tabletop-exercises">Incident response tabletop exercises: Guide and template</a></li> <li><a href="https://www.techtarget.com/searchsecurity/tip/Counter-third-party-risk-with-continuous-vendor-monitoring">Counter third-party risk with continuous vendor monitoring</a></li> <li><a href="https://www.techtarget.com/searchsecurity/tip/How-to-build-an-effective-third-party-risk-assessment-framework">How to build an effective third-party risk assessment framework</a></li> <li><a href="https://www.techtarget.com/searchsecurity/tip/How-to-create-a-third-party-risk-management-policy">How to create a third-party risk management policy</a></li> </ul> <p><em>Sharon Shea is executive editor of TechTarget Security.</em></p> <transcript> <p><strong>Editor's note:</strong><em> The following transcript has been lightly edited for length and clarity.</em></p> <p><strong>Dark</strong><b> Reading's Tara Seals:</b> Hello, everybody. Thank you for joining us for the latest installment of Reporters' Notebook, featuring editors and reporters from Cybersecurity Dive, TechTarget SearchSecurity and Dark Reading. I'm Tara Seals, managing editor for news at Dark Reading. I am joined here by:</p> <p><b>TechTarget SearchSecurity's Sharon Shea:</b> I'm Sharon Shea, executive editor at TechTarget SearchSecurity.</p> <p><b>Cybersecurity Dive's David Jones:</b> David Jones, reporter at Cybersecurity Dive.</p> <p><b>Seals:</b> Great, thanks for joining. The Winter Olympics just concluded in Milan and Cortina, and now we're looking ahead to the World Cup this summer in North America. These high-profile events draw billions of viewers worldwide, lots of visitors and involve many moving parts to make them happen. That makes them an attractive target for cyberattacks, and there's a history of attacks on these events over the years.</p> <p>In Milan, for instance, this time, the Italian government said they thwarted some attacks, though they didn't detail them publicly.</p> <p>While it might seem like these events have little in common with everyday businesses, I think there are valuable incident response lessons to be learned.</p> <p>Dave, I know you've done a lot of reporting on some of the risks around these big events. That might be a good place to start.</p> <p><b>Jones:</b> Thanks, Tara. There are a couple of issues at play here, given the current global climate, including the conflict in Iran and challenges with key adversaries overseas. Events like these require careful consideration of the venue and coordination with allies to prepare and respond to potential incidents.</p> <p>These events involve a wide range of potential disruptions, from physical security to digital security. You want attendees, including diplomats, celebrities and political leaders, to feel safe and welcome without turning the event into a stifling police operation.</p> <p>One major attraction for attackers is the ability to make a broad statement to millions of people through disruptions, such as interrupting broadcasts or delaying live coverage. We've seen attempts at this during previous Olympic Games. Ensuring these events proceed without visible disruptions is a significant undertaking.</p> <p><b>Seals:</b> The Pyeongchang 2018 Winter Olympics is a prime example of disruption. The Olympic Destroyer malware caused issues during the Opening Ceremony, including taking down Wi-Fi networks, ticketing systems and contributing to flickering broadcast infrastructure. While the attackers didn't achieve their full intent, the incident highlighted the importance of planning and incident response.</p> <p>Similarly, during the London Olympics, the UK thwarted an attack on the power grid. While nothing happened publicly, behind the scenes it was a frenzied incident response situation. These examples show how common these challenges are for large-scale events.</p> <p>Dave, in your reporting on World Cup threats, what are some commonalities between these events and everyday businesses?</p> <p><b>Jones:</b> Major businesses often sponsor global events, send senior executives to attend or have critical proprietary or customer data at risk during these events. These executives, who have access to sensitive data, may be targeted personally, whether through tracking, compromised devices or identity theft.</p> <p>Attackers could use stolen identities to send messages in their names, potentially gaining access to the company's systems. Protecting these individuals and preserving the company's reputation is crucial.</p> <p>This isn't just relevant for sporting events but also for large company meetings, business conferences and multinational events. Companies need to ensure their security measures are robust to protect their people, data, and brand image.</p> <p><b>Seals:</b> Absolutely. If you distill the threats seen at events like the Olympics, World Cups and other big events like the Super Bowl, they're the same as those faced by everyday businesses -- just on a larger scale. Phishing, DDoS, hacktivism, infrastructure disruption, malware, data exfiltration, spyware implantation and more.</p> <p>These global events provide a unique opportunity to see how incident response should be architected. The threats are the same, but the scale is larger. Sharon, can you talk about some incident response best practices we can learn from these events?</p> <p><b>Shea:</b> Absolutely, Tara. These events act as real-world stress tests for incident response. While we may not know everything that happens behind the scenes, it's clear they involve well-oiled machines monitoring, detecting, containing and recovering from attacks.</p> <p>On SearchSecurity, we've published extensive content on layered defense, cyber resilience and incident response. Preparation is key. Organizations need a well-vetted, regularly tested and updated incident response plan to mitigate financial, operational and reputational damage.</p> <p>First, create an incident-response plan outlining high-level priorities. Incident response is a team effort, involving responders, forensic analysts, security analysts, PR, legal and external law enforcement, as needed.</p> <p>You also need playbooks with actionable steps to respond to specific threats like DDoS, ransomware and credential harvesting. And, of course, practice is essential: test playbooks through simulations, tabletop exercises, and red/blue team drills to see how the team reacts under pressure.</p> <p>Practice, practice, practice. You need to test those playbooks, conduct simulations, tabletop exercises, red team, blue team drills. It's crucial to see how the team reacts under pressure. The first time an incident happens should not be the first time your incident-response team sees the incident-response plan or playbook.</p> <p><b>Jones:</b> Unless you're Allen Iverson, who never liked to practice, but that's another story.</p> <p><b>Shea:</b> I also wanted to touch on something Dave said earlier. These big world events highlight a reality we're seeing in organizations today: the third-party ecosystem.</p> <p><b>Seals:</b> Right.</p> <p><b>Shea:</b> Events like the Olympics involve ticketing agencies, streaming services, vendors, sponsors -- a massive network with a huge attack surface. One weak link in the chain can lead to significant consequences. This mirrors organizations working with partners, suppliers, service providers and other third parties. Vetting who you work with and continuously monitoring vendors is essential for maintaining a secure partner and supply chain ecosystem.</p> <p><b>Seals:</b> Absolutely.</p> <p><b>Shea:</b> Another critical point is communication. When the world is watching, how quickly and effectively you communicate during an incident matters as much as how quickly you remediate the issue. Internal and external communications are key.</p> <p><b>Seals:</b> Agreed.</p> <p><b>Shea:</b> You need a crisis or incident-response management communication plan. You want your employees, partners, the media, customers, regulators to have consistent, clear, accurate and rapid messaging. That helps maintain trust, minimize chaos and ensure coordinated incident response can happen. Fixing the issue is important, but so is ensuring the communication is handled effectively.</p> <p><b>Seals:</b> Events like the Olympics, World Cup or Super Bowl are meticulously planned over years, with incident response plans tested and refined constantly. Yet, even they face challenges from attackers exploiting cracks in the armor.</p> <p><b>Jones:</b> This underscores the importance of alliances and coordination between partners. Managing security -- both physical and digital -- for such events requires strong relationships across jurisdictions and countries.</p> <p><b>Shea:</b> Don't be the weakest link.</p> <p><b>Jones:</b> For example, CISA, the State Department, other agencies participated in preparing for the Olympics, and you need to know the role of your particular agency or your diplomatic corps or your security team in the plan, in the event of an attack if the lights go out, if the ticketing stops working. Everybody's going to have to spring into action at some level of coordination.</p> <p><b>Seals:</b> Absolutely. Yeah, 100%. All right, guys. Well, I think we can leave it there. I really appreciate your time. And for our viewers, once again, I'm Tara Seals with Dark Reading. I have been joined by Sharon Shea from TechTarget SearchSecurity and Dave Jones at Cybersecurity Dive. Thank you for watching.</p> </transcript> Cybersecurity lessons from global sports events show that preparation, defense and quick recovery are essential to besting adversaries. https://www.techtarget.com/searchsecurity/video/Lessons-in-incident-response-from-the-Olympics-World-Cup Mon, 16 Mar 2026 13:18:00 GMT Lessons in incident response from the Olympics, World Cup <p>In July 2024, we listened to the <a href="https://www.computerweekly.com/news/366596014/Labour-government-plans-new-laws-around-cyber-security-data-sharing-and-skills">Labour government’s first King’s Speech</a>. It contained a single line almost imperceptibly nodding towards something on artificial intelligence (AI). The government said it would “seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models”.</p> <p>Some 20 months later - no bill, no consultation and very little comment.</p> <p>It was said <a href="https://www.computerweekly.com/opinion/AI-legislation-in-the-UK-has-anybody-seen-any">there would be a draft bill ready to go at the end of 2024</a>. Nothing appeared. A consultation heralded late last Autumn -still, this Spring, nothing. I suppose there is some consistency in this approach, but it is less defined by diving into the detail and more about mind the gap.</p> <p>As we lurch towards the end of this Parliamentary session it is abundantly clear – there is still no AI Bill.</p> <p>The next King’s Speech is likely to be in early May. Two months to go and, somewhat surprisingly, it seems this too will contain nothing on a specific AI bill.</p> <p>I say “surprising” as the government may well wish to continue with its “wait and see” approach to AI legislation but, this comes at the same time as government is racking up an increasing number of significant issues that it wants to address in relation to AI. All of which, by its own admission, will require primary legislation.</p> <section class="section main-article-chapter" data-menu-title="Urgent need"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Urgent need</h2> <p>It is for these reasons that I published recently a <a href="https://lordchrisholmes.com/the-urgent-need-for-uk-ai-legislation-now/">Parliamentary One-Pager</a> (POP) on the matter. In short, stating the urgent need for cross-sector, cross-economy AI legislation and subsequent regulation in the UK.</p> <p>I didn’t want to lay out a voluminous report, just a straightforward one-pager making one single point - the time for talk is well past, the UK government must decide its position, its vision for AI in the UK and bring forward the necessary legislation.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Effective governance isn’t a brake pedal - it’s how boards give companies strategic direction </figure> <figcaption> <strong>Erin Young, Institute of Directors </strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The government seems caught on the horns of that tediously recurring false dichotomy that you can only have either innovation or regulation, which is utter nonsense as all history shows. For example, the <a href="https://www.computerweekly.com/news/366625852/UK-finance-regulator-tie-up-with-NVIDIA-allows-firms-to-experiment-with-AI">fintech regulatory sandbox</a>, to cite just one illustration. Measure of success? Well, replicated in just under a hundred jurisdictions around the world.</p> <p>So, having <a href="https://www.computerweekly.com/opinion/Our-data-our-decisions-our-AI-future-why-we-need-an-AI-Regulation-Bill">agile, adaptive legislation and right-sized regulation</a> is good for innovation and investment, good for the citizen, the creative, the consumer, effectively good for our country.</p> <p>And the public are with the POP on this matter. Recent research from the Ada Lovelace Institute found the current government approach is “increasingly out of step with public attitudes”.</p> <p>Add to this, even if we take the government at its word, it indicated that targeted primary legislation is required for, among other areas: frontier AI; IP and copyrighted works; the <a href="https://www.computerweekly.com/news/366633176/Government-to-launch-AI-sandbox-scheme">AI Growth Lab</a>; and AI chatbots.</p> <p>So according to the government, there will be no cross-sector legislation and no domain-specific legislation, but legislation is needed.</p> </section> <section class="section main-article-chapter" data-menu-title="Whack-a-mole"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Whack-a-mole</h2> <p>When I launched the POP, Gaia Marcus, director at the Ada Lovelace Institute, warned that wait-and-see inevitably becomes whack-a-mole.</p> <p>Putting the positive business case, Erin Young from the Institute of Directors reframed the conversation, pointing out that “effective governance isn’t a brake pedal, it’s how boards give companies strategic direction.”</p> <p>And for the people, all of us, Hannah Perry of think-tank Demos made a compelling case that AI could be part of a new social contract between state and citizen, but only if we break out of the “democratic doom loop” with concrete protections like a declaration of digital rights.</p> <p>It is more than clear that the current approach has resulted in fragmentation and uneven application. Multiple regulators, domain‑specific but not AI‑expert or experienced, and in certain sectors no regulator at all.</p> <p>The day after my POP was launched, the Joint Committee on Human Rights heard from three such regulators - the Equality and Human Rights Commission (EHRC), the Information Commissioner’s Office and Ofcom - about the fast-growing impact of AI on people’s rights.</p> <p>Each regulator emphasised that while they already oversee important aspects of AI - such as equality, privacy, and online safety - the pace of technological change is outstripping the speed of traditional regulation. They also highlighted serious concerns ranging from biased algorithms to gaps in oversight, especially where AI is deployed in sensitive areas like policing, welfare, and social media.</p> <p>A recurring theme was capacity. Regulators face resource constraints, most starkly the EHRC, which has operated on a frozen budget for over a decade, while trying to keep up with increasingly complex technologies.</p> <p>Again, the public seem to get it quicker than the government - <a href="https://www.computerweekly.com/news/366621653/UK-public-expresses-strong-support-for-AI-regulation">89% of those polled on the point by the Ada Lovelace Institute</a> support an independent regulator. Interestingly, it is one of the key provisions of my AI [Regulation] private member’s bill.</p> </section> <section class="section main-article-chapter" data-menu-title="Economic imperative"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Economic imperative</h2> <p>The point should be clear, not least to government, that a wait-and-see, voluntary, partial, domain-specific approach can no longer be accepted. It fails to enable, empower, and optimise the UK AI opportunity.</p> <p>More importantly, it is not what the public want. There is an economic, a social, and a psychological imperative to act. We need a cross-cutting, principles-based, and outcomes-focused AI Bill. It’s time to legislate, together, on AI. It’s time to human lead. Our data, our decisions, our AI futures.</p> <p>From a UK perspective - economic, social, psychological - the case is clear, we legislate or we lose. The government brings forward a bill, or the benefits fail to be brought forth. “Wait and see” is not a strategy. It is the perspective of the spectator, not the player. To govern is to choose.</p> <p>The government must choose cross-sector AI legislation and the subsequent right-sized regulation. They must choose to put this at the heart of the next King’s Speech. May will otherwise be a more than unfortunate continuation of “may not”.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about tech legislation</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/opinion/Will-there-be-a-technology-policy-epiphany-in-2026">Will there be a technology policy epiphany in 2026?</a> The UK government faces many complex technology policy decisions in the year ahead, which could reshape the country for a digital, AI-led future.</li> <li><a href="https://www.computerweekly.com/news/366635624/UK-government-pledges-to-rewrite-Computer-Misuse-Act">UK government pledges to rewrite Computer Misuse Act</a> - Campaigners celebrate as security minister Dan Jarvis commits to amending the outdated Computer Misuse Act to protect security professionals from prosecution.</li> <li><a href="https://www.computerweekly.com/opinion/Balancing-regulation-and-innovation-to-ensure-the-UK-remains-a-global-leader-in-AI">Balancing regulation and innovation to ensure the UK remains a global leader in AI</a> - The EU has taken a lead in regulating artificial intelligence through its AI Act - the UK government needs to respond or it risks losing the UK's status as an AI innovation frontrunner.</li> </ul> </div> </div> </section> Despite past promises of regulation on AI, there is no indication the Labour government is planning any legislation in the next session of Parliament - and that's an economic and social mistake https://cdn.ttgtmedia.com/visuals/Hero-Regulation-Sandwish-01.jpg https://www.computerweekly.com/opinion/The-upcoming-Kings-Speech-where-are-the-words-on-AI Mon, 16 Mar 2026 12:57:00 GMT The upcoming King’s Speech - where are the words on AI? <p>As with many technologies, AI and cybersecurity are becoming increasingly intertwined. An organization can expect AI to support the cybersecurity mission in multiple ways, including reducing overall risk, boosting efficiency and making security more cost-effective.</p> <p>What's not easy to determine is the ROI of AI cybersecurity investments.</p> <section class="section main-article-chapter" data-menu-title="Measuring AI's ROI: Metrics matter"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Measuring AI's ROI: Metrics matter</h2> <p>When it comes to AI investments in cybersecurity, the ROI conversation must begin with the right metrics. Not all value shows up on a balance sheet, so security leaders need to think across three distinct categories: efficiency gains, risk reduction and cost avoidance.</p> <p>Efficiency gains are often the most immediate and measurable metric. AI can effectively multiply the capacity of a security team without adding head count. Rather than asking how many people AI replaces, ask how many more actions your existing team can take with AI's assistance. The metric here is throughput, which is the number of incidents investigated, configurations reviewed or alerts triaged per analyst per day, before and after AI deployment.</p> <p>Risk reduction is harder to quantify, but it is arguably more important for <a href="https://www.techtarget.com/searchcio/feature/From-IT-to-ROI-Framing-cybersecurity-for-the-board">conversations with the board</a>. Relevant metrics include mean time to detect (<a href="https://www.techtarget.com/searchitoperations/definition/mean-time-to-detect-MTTD">MTTD</a>), mean time to respond (MTTR), reduction in the number of unaddressed vulnerabilities over a given period, and improvements in coverage across the attack surface. Security leaders should also track whether AI is closing the gap on <a href="https://www.techtarget.com/searchsecurity/feature/How-AI-driven-patching-could-transform-cybersecurity">configuration and patch management work</a> that used to slip through the cracks. The common complaint, "We didn't catch that because we didn't have enough people,<i>"</i> often stymies security organizations.</p> <p>Another metric to consider is cost reduction. This includes avoided <a href="https://www.techtarget.com/searchsecurity/tip/How-to-calculate-the-cost-of-a-data-breach">breach costs</a>, reduced reliance on outside professional services for routine security hygiene and the cost differential between scaling AI capabilities and scaling head count to achieve the same outcomes. Reports from Gartner, <a target="_blank" href="https://www.ibm.com/reports/data-breach" rel="noopener">IBM</a> and others provide useful industry benchmarks about the costs of data breaches that CISOs can use to anchor these estimates.</p> </section> <section class="section main-article-chapter" data-menu-title="The challenges of calculating ROI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The challenges of calculating ROI</h2> <p>Even with the right metrics defined, calculating ROI for AI in cybersecurity is genuinely difficult.</p> <p>When a breach does <i>not</i> occur, it's nearly impossible to prove definitively that AI prevented it. Security has always struggled with this counterfactual challenge, and AI doesn't solve it -- it inherits it. The best approach is to establish clear baselines before deployment and track directional improvement over time rather than claiming precision that simply is not achievable.</p> <p>ROI calculations are also complicated by shadow AI. Measuring the return on sanctioned AI security tools without accounting for <a href="https://www.techtarget.com/searchsecurity/tip/Shadow-AI-How-CISOs-can-regain-control-in-2026">AI deployments that create risks elsewhere</a> will yield misleading results. Creating a complete inventory of AI usage -- sanctioned and unsanctioned -- is a prerequisite for any credible ROI analysis.</p> <p>Another challenge is that AI outputs are not always reliable enough to act on. Organizations are confronting this in real time. For security use cases where a bad recommendation could take down a manufacturing line or open an attack vector, reliability isn't optional. ROI calculations need to factor in the cost of human review and validation that responsible AI deployment requires.</p> <p>AI tools perform based on the quality of the data, processes and people they operate against. Organizations that lack clean asset inventories, consistent logging or mature detection workflows will see lower returns than those that have done the foundational work. ROI projections that don't account for an organization's starting point tend to disappoint.</p> </section> <section class="section main-article-chapter" data-menu-title="Best practices for calculating and maximizing ROI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Best practices for calculating and maximizing ROI</h2> <p>Getting the numbers right matters, but so does ensuring that AI investments deliver. Here's how leading CISOs approach both.</p> <h3>Start with business outcomes, not technology</h3> <p>Before deploying any AI capability, define the specific security problem you intend to solve. Decide what success looks like in measurable terms. This discipline makes ROI measurement straightforward because the metrics are defined before deployment, not retrofitted later.</p> <h3>Design with a human-in-the-loop mindset</h3> <p>Organizations seeing the best results from AI in cybersecurity are not trying to remove humans from the equation. They use AI to make human judgment faster and better informed. This design is not just good risk management. It also makes ROI easier to measure because it becomes possible to track how often and how quickly AI-generated recommendations are acted on -- and to what effect.</p> <h3>Report ROI in the language of your audience</h3> <p>CISOs presenting to the board need to <a href="https://www.techtarget.com/searchsecurity/tip/7-key-cybersecurity-metrics-for-the-board-and-how-to-present-them">translate security metrics into business outcomes</a>: reduced risk, avoided costs and improved competitive positioning. When presenting to their team, a security leader needs to show how AI is making the work more impactful -- not threatening people's roles. Tailoring the ROI story to the audience is as important as the underlying data.</p> <h3>Establish baselines before deployment</h3> <p>It is impossible to demonstrate ROI without a before-and-after comparison. Document the <a href="https://www.techtarget.com/searchsecurity/tip/The-best-incident-response-metrics-and-how-to-use-them">relevant metrics</a>, such as MTTD, MTTR, analyst-to-alert ratios and open vulnerability counts, before turning on any AI capability. These baselines serve as the foundation for every subsequent ROI conversation.</p> <h3>Revisit and recalibrate regularly</h3> <p>AI capabilities and the threat landscape they are designed to address evolve rapidly. An ROI framework that was relevant six months ago might need to be updated. Build quarterly reviews into AI investment governance processes and be willing to reallocate if certain tools underperform relative to their costs.</p> <p><i>Ashwin Krishnan is the host and producer of StandOutIn90Sec, based in California, where he interviews tech leaders, employees and event speakers in short, high-impact conversations.</i></p> <p> </p> </section> Investing in AI tools can benefit an organization's security posture. Understanding and quantifying those improvements, however, poses a real challenge. https://cdn.ttgtmedia.com/rms/onlineimages/security_a252808758.jpg https://www.techtarget.com/searchsecurity/tip/Calculating-the-ROI-of-AI-in-cybersecurity Mon, 16 Mar 2026 12:29:00 GMT Calculating the ROI of AI in cybersecurity <p>LAS VEGAS -- At Enterprise Connect, Zoom announced the expansion of agentic AI capabilities across its entire portfolio, rolling out AI Companion 3.0 to the Zoom Workplace app, Zoom Business Services and Workvivo.</p> <p>Aiming to address the fragmentation of data captured across collaboration tools and workflows, Zoom's agentic AI embeds workflow automation directly into meetings, calls, chat and contact center interactions.</p> <p>"Where we're going is about using AI to create," said Jeff Smith, interim chief product officer at Zoom. "The two things you need to create are a rich repository of trusted data and the services that you can take action on."</p> <p>One new AI Companion capability is an AI notetaker, called My notes, which can be used for in-person, Zoom, Microsoft and Google meetings. Users can jot down quick thoughts in their personal notes, and the notetaker can expand with key takeaways.</p> <p>Zoom also introduced updates to its Custom AI Companion add-on to enable organizations to deploy prebuild AI agents for sales, IT and marketing that automate repetitive tasks. Users can also create <a href="https://www.techtarget.com/searchenterpriseai/feature/AI-agents-increasingly-viable-for-enterprise-use">AI agents for their personal workflows</a> or send an agent to an admin to share across teams. Additional updates to the add-on include new third-party integrations and enhanced personalization for users based on job roles, preferences and focus areas.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/zoom_ai_companion-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/zoom_ai_companion-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/zoom_ai_companion-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/zoom_ai_companion-f.jpg 1280w" alt="A screenshot of AI Companion in Zoom Workplace" height="369" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>AI Companion 3.0 drives automation and agentic AI across the Zoom portfolio. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <section class="section main-article-chapter" data-menu-title="Zoom enters productivity space"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Zoom enters productivity space</h2> <p>Zoom introduced AI-driven Docs, Sheets and Slides to enable employees to create documents and presentations by pulling information directly from meeting conversations and chats.</p> <p>AI can't replicate the ideas humans generate through interaction with each other, Smith said. But AI can automate tasks, such as building project plans, presentations and templates. This frees up users to spend more time on meaningful collaboration.</p> <p>The introduction of productivity tools to Zoom highlights a growing market trend. Unified communications and collaboration tools have been adjacent to <a href="https://www.techtarget.com/searchmobilecomputing/definition/end-user-computing-platform-EUC-platform">end-user computing</a> in the digital workspace, but now they are overlapping, said Gabe Knuth, an analyst with Omdia, a division of Informa TechTarget.</p> <p>"AI is taking this a step further by integrating communications and collaboration workflows and data into the productivity apps where the work gets done," Knuth said.</p> <p>However, the goal is not for Zoom to replace popular productivity suites from Microsoft and Google, said Leo Boulton, head of products, solutions and industry marketing at Zoom. Instead, Zoom's Docs, Sheets and Slides integrate with Microsoft 365 and Google Workspace, enabling employees to continue working in their Zoom environment. Documents can also be exported to Microsoft and Google file formats.</p> <p>"You can look at them as extending the power of Zoom AI Companion by turning conversations and meetings into finished work," Boulton said.</p> </section> <section class="section main-article-chapter" data-menu-title="Zoom Workplace updates"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Zoom Workplace updates</h2> <p>Zoom is also updating its Workplace platform to offer a simpler, unified experience across desktop, mobile and web applications. New features include the following:</p> <ul class="default-list"> <li><b>Zoomie Group Assistant</b>. This group facilitator, which functions across meetings, chat and Zoom Rooms, can answer questions on behalf of a group and provide real-time meeting support.</li> <li><b>Zoom Chat. </b>New AI capabilities better help users manage information, including custom chat agents, summaries for longer threads, prioritizing key messages and highlighting next steps.</li> <li><b>Deepfake risk detection.</b> The security feature, which provides real-time alerts when <a href="https://www.techtarget.com/searchsecurity/tip/How-to-detect-deepfakes-manually-and-using-AI">synthetic audio or video is detected</a>, is available to users attending both internal and external meetings.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Zoom Phone updates"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Zoom Phone updates</h2> <p>The addition of AI Companion 3.0 to <a target="_blank" href="https://news.zoom.com/ec26-zoom-phone/" rel="noopener">Zoom Phone</a> enables organizations to do more with their conversation data. Agentic workflows can perform follow-up tasks, such as sending emails or identifying next steps. Additional AI capabilities added to Zoom Phone include the following:</p> <ul class="default-list"> <li><b>SMS for Virtual Agent AI Receptionist. </b>This feature enables agentic self-service text interactions for customer engagement, such as answering questions and collecting information. It can also escalate conversations to a human if needed without disrupting the conversation's flow.</li> <li><b>Zoom Phone Mobile. </b>With this function, users can make calls with their native dialer and access Zoom Phone features, like call queues.</li> <li><b>Customer Engagement Pack. </b>Offering a real-time view of customer engagement prioritized by activity and importance, AI can flag interactions that require immediate attention.</li> <li><b>Operator Connect for Microsoft Teams. </b>This feature provides centralized telephony management within Zoom and delivers Zoom PSTN to Teams.</li> </ul> <p><em>Katherine Finnell is senior site editor for Informa TechTarget's unified communications site. She writes and edits articles on a variety of business communications technology topics, including unified communications as a service, video conferencing and collaboration.</em></p> </section> AI Companion 3.0 is breaking down communications silos across meetings, calls, chat and contact center. New custom AI agents also automate sales, IT and marketing workflows. https://cdn.ttgtmedia.com/rms/onlineimages/ai_g1182183209.jpg https://www.techtarget.com/searchunifiedcommunications/news/366640476/Zoom-integrates-agentic-AI-across-platform-portfolio Mon, 16 Mar 2026 12:22:00 GMT Zoom integrates agentic AI across platform portfolio <p>Omdia has raised concerns that the channel is facing a profitability crisis sparked by a number of factors, including geopolitical uncertainty, component shortages and the impact on pricing.</p> <p>With vendors shortening their pricing windows for the channel to ensure they can react to component shortages and quote at the market level, predictability in the market has come under further strain.</p> <p>According to research from Omdia, those negative market conditions are now expected to hit first-quarter profits, with almost 60% of partners globally indicating that they expect double-digit declines in the first three months of the year.</p> <p>The impact the Iran war has had on energy prices is one factor, but the increasing tendency by hardware suppliers to refuse to hold prices until the point of shipment is eroding customer confidence, with the threat of increased costs adding to the reasons to hold off on pulling the trigger on a purchase order.</p> <p>Sharing the <a href="http://www.linkedin.com/">research results on social media</a>, Alastair Edwards, chief analyst at <a href="https://www.google.com/aclk?sa=L&pf=1&ai=DChsSEwjVpdORvqSTAxUUm1AGHeB2FNoYACICCAEQABoCZGc&co=1&ase=2&gclid=CjwKCAjw1N7NBhAoEiwAcPchpzowrugPbTrv4KsIPADmlGLjm-LTKe_iMVS7LVanFofx3l83dxT3lRoC6jwQAvD_BwE&cce=2&category=acrcp_v1_32&sig=AOD64_0ahWCb1aokSJscyu6fsXcZRa8lKQ&q&nis=4&adurl=https://omdia.tech.informa.com/?utm_source%3Dpaid_OMDIA_x_OMDIA_le_aud_x_x_LEADS_OMDIA_Traffic_2025_Paid-Google-Brand%26gad_source%3D1%26gad_campaignid%3D23009431649%26gbraid%3D0AAAAACPjfnR0flF9ktvMaMKqWMGTiBLKE%26gclid%3DCjwKCAjw1N7NBhAoEiwAcPchpzowrugPbTrv4KsIPADmlGLjm-LTKe_iMVS7LVanFofx3l83dxT3lRoC6jwQAvD_BwE&ved=2ahUKEwjmxs2RvqSTAxXQW0EAHfMuLDoQ0Qx6BAgLEAE">Omdia</a>, said vendors’ actions were making life increasingly difficult for partners.</p> <p>“With many hardware vendors now refusing to hold hardware prices for partners until the point of shipment, or cancelling orders even after a purchase order has been received, partners are left carrying greater levels of risk. Those tied into contractual pricing agreements with customers face a potential disaster,” he stated.</p> <p>“Conflict in the Middle East threatens to intensify the crisis, with oil prices surging and supply chains disrupted. Distributor profits will come under greater pressure, particularly if delivery and logistics costs rise sharply. If conditions continue to deteriorate, the risk of channel bankruptcies is set to increase dramatically,” he added.</p> <p>Although profits are coming under strain, those quizzed by Omdia about revenues shared more optimism, with lower levels expecting a decrease and a third looking for growth.</p> <p>The results from the large, publicly listed players in the channel have been positive, but those covering trading in the first quarter have yet to come out. Since the end of last year, the pressure to pass on price rises has increased and become more of a challenge for resellers and managed service providers (MSPs).</p> <p>The expectation is that the pressure to pass on price rises will start to show on the bottom line as the channel moves through the first quarter and deeper into 2026.</p> <p>Edwards added that the factors impacting first-quarter profitability were not moving anytime soon and would continue to have an impact through the rest of the year.</p> <p>“Profit challenges in the channel are highly likely to worsen in the coming quarters. With shortages persisting (if not worsening) for 12 months or longer, the technology industry faces a reckoning. Better collaboration between vendors, partners and distributors – and a greater willingness to share financial risk – is needed across the ecosystem,” he said.</p> <p>The Iran conflict has been raging for more than two weeks, and the price of oil has risen sharply, but there are signs that even in that situation, the markets are adapting to conditions, which could help improve confidence.</p> <p>“Oil prices are steadily marching higher again, increasing inflation risks and threatening global growth. However, with the initial shock of war in the Middle East fading and investors getting used to the new normal, the FTSE 100 has crept into positive territory at the start of the week,” said Susannah Streeter, chief investment strategist at <a href="https://www.wealthclub.co.uk/">Wealth Club</a>.</p> Research from Omdia reveals the impact geopolitical uncertainty and shortages are having on partner businesses https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/financial-results-chart-graph-5-adobe.jpeg https://www.computerweekly.com/microscope/news/366640317/Channel-facing-profitability-threat Mon, 16 Mar 2026 11:41:00 GMT Channel facing profitability threat <p>When athenahealth and b.well partnered to enable patient-led data sharing earlier this year, they didn't entirely start from scratch, according to Sam Lambson, the company's VP of product. In fact, the system's design -- which lets patients share health data through a QR code -- is inspired by the patients athenahealth and its customers serve.</p> <p>"For patients, maybe they could upload a document in the patient portal, or they could bring a CD or a piece of paper to an appointment, which the doctor would then have to import somehow," Lambson said in a recent interview, recalling the early aughts of healthcare's digital transformation.</p> <p>Those days might be over, with a new system from athenahealth and b.well, a FHIR-based platform that lets patients access and share their information all in one spot, aiming to streamline the data-sharing process. Patients can pull all their health information, including from non-athena EHRs and consumer-facing apps, into the b.well platform to generate a QR code.</p> <p>Clinicians can scan the QR code using technology already embedded in athenahealth's system, and the information will be integrated in a usable way.</p> <p>"The QR code is similar to patients bringing a bag full of papers to an appointment," Lambson said. "But we can do a lot more with that information than we could do with those papers," he added.</p> <section class="section main-article-chapter" data-menu-title="Making headway in CMS Health Tech Ecosystem pledge"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Making headway in CMS Health Tech Ecosystem pledge</h2> <p>The system was launched earlier this year as a part of athena and b.well's participation in the <a href="https://www.techtarget.com/searchhealthit/news/366628294/Tech-giants-providers-back-CMS-health-tech-ecosystem-initiative">Centers for Medicare & Medicaid Services (CMS) Health Tech Ecosystem</a>.</p> <p>Announced last summer, the ecosystem calls for an <a href="https://www.techtarget.com/searchhealthit/feature/Why-HIEs-will-be-essential-to-CMS-Health-Tech-Ecosystem?Offer=ab_MeteredFormCopyEoc_ctrl">interoperability framework for health IT developers</a> and an initiative to "Kill the Clipboard" and promote a unified digital patient experience.</p> <p>This latest partnership with b.well is a big step toward fulfilling the aims of the Kill the Clipboard pledge.</p> <p>But, perhaps more importantly, Lambson said it's a big step in proving exactly what's possible in the digital patient engagement space.</p> <p>"What we're trying to do with b.well and through the health tech initiative is to try to showcase the art of the possible," he said. "We wanted to be sure that the market understands what's possible with a cloud-based EHR working with independent, third-party, patient-oriented applications to improve the flow of information between doctors and patients."</p> <p>That's exciting work, Lambson added, considering athenahealth's longstanding commitment to unifying the digital patient experience.</p> <p>"Patients live in a world where they see multiple doctors, especially the Medicare population," Lambson said, noting that the typical Medicare beneficiary visits around four different facilities and seven different doctors in a year. That list grows longer if the patient has <a href="https://www.techtarget.com/healthcarepayers/news/366603904/Top-10-Most-Expensive-Chronic-Diseases-for-Healthcare-Payers">one or more chronic diseases</a>.</p> <p>"In that world, the ability to get your data and for your data to be available to your doctors wherever you go is very siloed. It's not always easy to have the best experience," he added.</p> <p>This latest partnership with b.well is a step in the right direction, but Lambson noted that there's still more progress to be made, especially as more consumer-facing apps and <a href="https://www.techtarget.com/patientengagement/news/366640134/Microsoft-joins-the-AI-chatbot-market-with-Copilot-Health">AI chatbots proliferate the market</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Assessing the risk for a deeper digital divide"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Assessing the risk for a deeper digital divide</h2> <p>Although the CMS Health Tech Ecosystem -- and the innovations that have already come out of it -- have been championed by many in the medical industry, there are some <a href="https://www.techtarget.com/patientengagement/news/366628284/Why-CMS-Health-Tech-Ecosystem-needs-a-health-equity-mindset">concerns about a deepening digital divide</a>.</p> <p>After all, using patient-facing technology to streamline the healthcare experience requires patients to own the technology and know how to use it. Some in the industry are worried that pushes for deeper adoption of patient-facing tools will further divide the digital haves and have-nots.</p> <p>Lambson said those fears are valid, but not top-of-mind for him. Healthcare organizations should always be ready to meet patients where they are, perhaps offering text message outreach instead of smartphone apps, or even providing human assistance where applicable.</p> <p>"However, there has been a really wide engagement when it comes to the modality of the smartphone, especially."</p> <p>Indeed, <a href="https://www.pewresearch.org/internet/fact-sheet/mobile/">smartphone ownership is up to 91%</a> nationwide, according to 2025 data from the Pew Charitable Trusts. That includes 78% of adults over age 65, a population many in the industry fear would be reluctant to adopt health IT.</p> <p>According to Lambson, the industry shouldn't be as concerned about how patients will use technology.</p> <p>"In terms of the digital divide, I see it more as the digital divide between healthcare providers," he said.</p> <p>Long-term care facilities and skilled nursing facilities (SNFs), in particular, don't have the same access to health IT compared to academic medical centers and even primary care providers.</p> <p>That's because these facilities were initially left out of the HITECH Act, which prompted healthcare's digital transformation back in 2009. Specifically, HITECH established the meaningful use program, a stimulus package that paid healthcare organizations for adopting and using EHRs and related technologies.</p> <p>Consequently, long-term care facilities and SNFs are behind their peers in terms of health IT adoption. It's that disparity that Lambson fears will hamper the digital patient experience.</p> <p>A patient might have a great digital experience with their primary care provider, he offered. But if that patient has a big surgery or procedure, they might end up in a SNF or post-acute care facility. Those types of organizations won't have as sophisticated technologies, which could leave the patient in the dark when they're used to transparency.</p> <p>Health technology equity issues aside, Lambson said he remains optimistic about where athenahealth and other participants in the Health Tech Ecosystem are headed.</p> <p>"This is just the beginning -- it's not the end of where we're going," he concluded. "Demonstrating that a patient has the power to collect and bring their own information is a really important psychological hurdle that we've overcome through this initiative."</p> <p><i>Sara Heath has reported news related to patient engagement and health equity since 2015.</i></p> </section> A step forward in its Health Tech Ecosystem pledge, athenahealth has partnered with b.well to let patients lead their health data sharing through a QR code. https://cdn.ttgtmedia.com/rms/onlineimages/ehr_g1366566196.jpg https://www.techtarget.com/patientengagement/feature/Athenahealth-uses-Health-Tech-Ecosystem-to-unify-patient-experience Mon, 16 Mar 2026 11:20:00 GMT Athenahealth uses Health Tech Ecosystem to unify patient experience <p>When drone attacks knocked out three AWS data centers in the Middle East last month, CIOs were forced to confront an uncomfortable truth: the cloud's physical infrastructure can be destroyed.</p> <p>In late February, the US-Israeli offensive, dubbed “Operation Epic Fury”, struck Iran and killed its leader. Much of the air space over the Middle East closed immediately, stranding hundreds of thousands of travelers. The chaos continued as the Dubai International Airport remained closed for three days due to damage sustained from drone debris.</p> <section class="section main-article-chapter" data-menu-title="AWS data centers hit in the Middle East"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AWS data centers hit in the Middle East</h2> <p>But there’s a new twist to this decades-old conflict. Three Amazon Web Services (AWS) data centers located in the United Arab Emirates (UAE) and Bahrain were caught in the crossfire. AWS confirmed that the facilities were <a target="_blank" href="https://www.tomshardware.com/tech-industry/drone-strikes-hit-three-aws-data-centers-in-the-uae-and-bahrain" rel="noopener">hit by drone strikes</a>, resulting in structural damage, power failures, fire and water damage from fire suppression. Nearly 60 AWS online services went down. The company advised customers with workloads running in the Middle East to migrate their data to alternate AWS regions, warning that this could be a “prolonged event.”</p> <p>It is believed to be the first time American big tech companies have become military targets. The attack makes it clear that <a href="https://www.techtarget.com/searchdatacenter/feature/Guide-to-understanding-the-various-types-of-data-centers">data centers</a> have become part of critical national infrastructure.</p> <p>“They are strategically important to operations of financial systems, government services, healthcare, communications, logistics," said Jack Alexander, senior threat intelligence analyst at Quorum Cyber. "Everything we do in this day and age goes through data centers, goes through hyperscalers, so they need to be seen as critical national infrastructure and protected as such,”</p> <p>Going forward organizations will need <a href="https://www.techtarget.com/searchdisasterrecovery/tip/When-to-use-a-mirrored-site-disaster-recovery">disaster recovery plans</a> in place that identify single points of failure and include redundancy so the data can be moved elsewhere if a data center is disabled, Alexander said. Consulting companies with internal intelligence departments can offer key information to organizations interested in a geographical area.</p> <p>“Use those means to identify the geophysical risks around the world and then structure your strategic dependencies accordingly,” he said.</p> </section> <section class="section main-article-chapter" data-menu-title="The physical reality of “the cloud”"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The physical reality of “the cloud”</h2> <p>The AWS data center attacks are a reminder that digital systems ultimately rely on real-world physical infrastructure, said Tae Oh, founder of Spacecoin.</p> <p>Cloud regions, data centers, fiber routes and undersea cables all sit inside environments that can be disrupted by conflict, geopolitical tension or government intervention.</p> <p>"When those systems are damaged or restricted, the connectivity that businesses depend on can degrade or disappear much faster than most continuity plans anticipate,” Oh said.</p> <p>Multiple cloud regions of backup data centers rely on the same terrestrial networks and gateways, he said. Real continuity requires independent connectivity layers that operate outside a single provider, country or routing system.</p> <p>“Open, decentralized internet infrastructure – particularly networks that can operate from space rather than relying solely on ground routes – can provide that additional layer of resilience when terrestrial systems become pressure points,” Oh said.</p> </section> <section class="section main-article-chapter" data-menu-title="The risks of locating data centers in volatile regions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The risks of locating data centers in volatile regions</h2> <p>The UAE is attractive to US hyperscalers interested in building powerful data centers to <a href="https://www.techtarget.com/searchdatacenter/tip/Complexities-of-integrating-AI-into-legacy-data-centers">feed their AI initiatives</a>. Many companies, including Google, Microsoft and Oracle operate data centers in the region, although Amazon is the only one to report damage so far.</p> <p>The UAE has become one of the most important infrastructure hubs in the Middle East and the country has invested heavily in physical security around data centers and connectivity, said Syed Asif Ali, founder of Point Media.</p> <p>Beyond physical protection, data centers <a href="https://www.techtarget.com/searchdatacenter/tip/Data-center-security-compliance-checklist">depend on a strong infrastructure</a>, connectivity, geopolitics, supply chains and regulatory environments. As a result, companies are adopting multi-region architectures where critical workloads can shift between geographic regions if necessary, Asif Ali said.</p> <p>“In the cloud era, resilience comes from geographic flexibility as much as physical security,” he said.</p> <p>But the physical threat still exists.</p> <p>Iranian Revolutionary Guard-affiliated news claimed that Iran targeted Amazon and Microsoft facilities, the Financial Tines reported. Iran justifies the data center attacks because of <a target="_blank" href="https://www.aljazeera.com/news/2024/4/23/what-is-project-nimbus-and-why-are-google-workers-protesting-israel-deal" rel="noopener">Project Nimbus</a>, a $1.2 billion contract that Amazon and Google jointly hold to provide cloud services to the Israeli government and military.</p> <p>It’s not the first time private industry has been made a target in armed conflict, according to Mahmoud Abuwasel, partner at Wasel & Wasel.</p> <p>The Cuba Submarine Telegraph Company, a British-owned private company located in Cuba, had its telegraph lines attacked by Americans during the Spanish-American War. The U.S. said the action was justified because the company was transferring military data on behalf of the Cuban government. The company later sued the United States government and a special tribunal agreed with America that the act was justified.</p> <p>“This has happened before. That’s why it’s important to look at those precedents and reflect on them in the modern situations,” Abuwasel said.</p> <p>Large investments are continually <a href="https://www.techtarget.com/searchdatacenter/news/366627578/Meta-Google-unveil-massive-AI-data-center-investment-plans">being made in data centers</a> as the AI push and the need for data hosting grows. As these needs enter the state apparatus even more, data centers will become more sensitive and more prone to attack, Abuwasel said.</p> </section> <section class="section main-article-chapter" data-menu-title="What hyperscalers should do next"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What hyperscalers should do next</h2> <p>Enterprises working in the region should focus on architectural resilience rather than just physical protection, Asif Ali said.</p> <p>Organizations choosing to operate in geopolitically sensitive regions should prioritize multi-region deployments, workload portability and failover strategies that allow critical services to move across geographic zones without disruption, he said.</p> <p>They should also consider how much risk is concentrated because disruption to large volumes of infrastructure in a single region can have a ripple effect across multiple organizations, Asif Ali said.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The most resilient organizations design their systems assuming disruptions will eventually happen. </figure> <figcaption> <strong>Syed Asif Ali</strong>Founder, Point Media </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Data governance and regulatory dynamics also come into play, requiring organizations to consider where data is stored, how quickly it can be relocated and how operations continue if a specific region becomes inaccessible.</p> <p>“The most resilient organizations design their systems assuming disruptions will eventually happen,” he said.</p> </section> <section class="section main-article-chapter" data-menu-title="What this means for enterprise business continuity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What this means for enterprise business continuity</h2> <p>The situation in the Middle East will force many organizations to rethink their disaster recovery plans to include situations that aren’t currently addressed.</p> <p>“Now, all of a sudden, we have a challenge that ‘if there is an attack, or some sort of disruption, how can we safely, securely and in compliance move that data from one region to another,’” said Kevin Miller, CTO at IFS North America.</p> <p>The challenge increases when working in countries that mandate data sovereignty.</p> <p>“The reality is that sometimes we don’t know where our data is and a lot of these tier one providers, these hyperscalers, are balancing those data loads sometimes across different geographic regions," Miller said. "But there will be a lot of questions asked about where the data resides.”</p> <p>The best prevention comes from modeling what can happen and AI provides an advantage, he said. Much like mapping alternative suppliers or routes, an organization can use AI to determine how to get data out of a physical location it lost access to and back into the data owner’s hands.</p> <p>“We have to now start looking many layers deeper than we traditionally have in terms of what is the best disaster recovery plan,” Miller said.</p> <p>There will be an increase in the need to have physical access or solid alternatives as to where data can go, as well as increased attention in terms of which countries are safe to migrate that path.</p> <p>There should be legislation around regulations that protect organizations from legal risks and compliance deficiencies if they want to move data from a compromised data center into another one, Miller said.</p> <p>Future <a href="https://www.techtarget.com/searchdisasterrecovery/tip/Understand-the-costs-of-a-disaster-recovery-failure">disaster recovery and contingency plans</a> may include some type of additional sharing or mutual aid between data centers similar to the utility companies, he said.</p> <p><i>Julie Hanson is a freelance writer who has reported on local news across Massachusetts and New Hampshire.</i></p> </section> Drone strikes that hit AWS's Middle East data centers show the cloud’s physical risks and prompts enterprises to improve disaster recovery and multi-region resilience strategies. https://cdn.ttgtmedia.com/rms/onlineimages/map_globe_g170100641.jpg https://www.techtarget.com/searchcio/feature/Middle-East-AWS-attack-highlights-data-center-vulnerabilities Mon, 16 Mar 2026 11:14:00 GMT Middle East AWS attack highlights data center vulnerabilities <p>Another week when the job appointments kept coming, with an emphasis on recruiting senior executives. Those with decades racked up in their respective areas of expertise were picked up to bring their skills and insight into fresh roles.</p> <section class="section main-article-chapter" data-menu-title="Genesys"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Genesys</h2> <p>The experience orchestration player has appointed Felipe Schwartzmann as senior vice-president and regional sales leader for Europe, the Middle East, and Africa (EMEA). Schwartzmann previously served as senior vice-president of Latin America at Genesys.</p> <p>“Felipe was instrumental in driving regional expansion and deepening customer relationships across Latin America,” said Larry Shurtz, chief sales officer at <a href="https://www.genesys.com/en-gb">Genesys</a>. “With his strong track record of driving growth, building high-performing teams and strengthening market presence, Felipe is ideally suited to further our expansion in EMEA.”</p> </section> <section class="section main-article-chapter" data-menu-title="Synyega"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Synyega</h2> <p>The IT asset management (ITAM) consultancy has rolled out the red carpet for Matt Ward as its first client success officer. He comes with more than three decades of experience and was a founding member of Softcat. Since 2005, Ward he has specialised in ITAM, most recently acting as Softcat’s enterprise director for that part of the business.</p> <p>“We are delighted to welcome Matt Ward to Synyega’s leadership team,” said Tony Crawley, CEO of <a href="https://www.synyega.com/">Synyega</a>. “His extensive expertise in ITAM, coupled with his experience of scaling a highly successful organisation, makes him an excellent fit as we look to accelerate our growth strategy.”</p> </section> <section class="section main-article-chapter" data-menu-title="MLL Telecom"> <h2 class="section-title"><i class="icon" data-icon="1"></i>MLL Telecom</h2> <p>The secure managed network services player has appointed Gavin Hutchinson as senior solutions architect. In the new role, he will be helping with the firm's portfolio leaning on his two decades of experience.</p> <p>“His well-proven network design skills in leveraging the benefits of the cloud, SASE and SD-WAN, and long track record of delivering successful outcomes on major public sector transformation projects, will be invaluable as MLL continues to expand,” said Andrew Shilton, <a href="https://www.mlltelecom.com/">MLL’s</a> head of pre-sales. </p> </section> <section class="section main-article-chapter" data-menu-title="Ping Identity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ping Identity</h2> <p>The digital identity specialist has welcomed Graeme Ventris as regional vice-president (RVP) for EMEA channel and alliances. Ventris will lead the firm’s channel activities across the region to support and increase the growth of its ecosystem.</p> <p>Paul Inglis, general manager for EMEA at <a href="https://www.pingidentity.com/en.html">Ping Identity</a>, welcomed the arrival of Ventris: “His deep understanding of the channel landscape and his ability to build sustainable, mutually beneficial partner ecosystems make him the ideal leader to drive our EMEA strategy forward.</p> <p>“As organisations across the region navigate increasingly sophisticated digital identity challenges, including those accelerated by AI-driven risks, our partners play a vital role in delivering the trust and security our customers require.”</p> </section> <section class="section main-article-chapter" data-menu-title="WSO2"> <h2 class="section-title"><i class="icon" data-icon="1"></i>WSO2</h2> <p>The agentic enterprise specialist has hired Thibaut Rouffineau as chief marketing officer, as the firm looks to accelerate its presence in key verticals, including banking and financial services, telecommunications, government and healthcare. He comes with a CV that stretches over two decades, with plenty of marketing experience, including most recently at Canonical.</p> <p>“The company’s rich portfolio and refreshed branding strategy clearly positions it to address the realities organisations face as they move from AI pilots to real, outcome-driven agent deployment,” said Rouffineau.</p> <p>“<a href="https://wso2.com/">WSO2</a> has a unique opportunity to help enterprises build the digital foundations required for intelligent, trusted and scalable agent-driven experiences, and I look forward to working with the global team to elevate the brand and accelerate growth worldwide.”</p> </section> Personnel moves of note this last week at Genesys, Synyega, MLL Telecoms, Ping Identity and WSO2 https://cdn.ttgtmedia.com/visuals/German/article/HR-employer-job-adobe.jpg https://www.computerweekly.com/microscope/news/366640395/Channel-moves-Whos-gone-where Mon, 16 Mar 2026 10:59:00 GMT Channel moves: Who’s gone where? <p>Market data from analyst IDC has shown that <a href="https://www.computerweekly.com/feature/Edge-AI-Business-cost-risk-and-control">SuperMicro has leapfrogged</a> established server makers Lenovo and HPE as the second-largest PC server maker behind Dell.</p> <p>SuperMicro experienced growth of almost 134% for the fourth quarter of 2025 with revenue of $11.7bn, which means it accounts for over 9% of the global server market. Dell was ahead with 10% market share and revenue of $12.6bn, while Chinese manufacturer IEIT Systems took the third spot, with revenue of $5.2bn and a 4% market share ahead of Lenovo, which posted revenue of $5.1bn, and HPE ($3.9bn).</p> <p>“The race for AI [artificial intelligence] adoption is settling the market pace, and with companies starving for infrastructure looking not only at GPUs [graphics processing units], but also consuming more CPUs [central processing units] among other components in order to feed their needs, we are going to see more price pressures, and that may impact on market dynamics with less units but higher average selling prices going forward,” said Juan Seminara, research director of Worldwide Enterprise Infrastructure Trackers at IDC.</p> <p>IDC noted that volatile increasing prices on certain components such as GPUs, dynamic random access memory (DRAM) and solid state drives (SSDs) has meant that some companies have been trying to secure prices ahead while the industry is accommodating to the new reality. It predicted that the impact of this price volatility could be hitting harder during 2026 as demand keeps outpacing service capacity in the near term.</p> <p>Besides Dell, the established server makers seem to be losing ground in the server market. But they appear to be looking at a new market opportunity being pushed by chipmaker AMD, which is the deployment of on-premise PC servers optimised to run agentic AI. </p> <p>In a bid to entice IT buyers away from cloud-based AI hardware, AMD has unveiled what it sees as a new category of PC called Agent Computers. In a post on the <a href="https://www.amd.com/en/resources/articles/run-openclaw-locally-on-amd-ryzen-ai-max-and-radeon-gpus.html">AMD website</a>, the company described how to run <a href="https://www.techtarget.com/searchcio/feature/OpenClaw-and-Moltbook-explained-The-latest-AI-agent-craze">OpenClaw, the open source AI agent</a>, locally on AMD Ryzen AI Max+ processors and Radeon GPUs using a Windows 11 PC with the Windows Subsystem for Linux (WSL).</p> <p>AMD said the PC system configured with 128GB unified memory is capable of running “cloud-quality AI agent workloads efficiently” using OpenClaw. According to its own benchmark data, with the Qwen 3.5 35B A3B model, the system delivers around 45 tokens per second and processes 10,000 input tokens in about 19.5 seconds. AMD said the configuration supports a maximum context window of 260,000 tokens, and can run up to six agents concurrently, which it said means it is able to deliver scalable local AI experimentation while maintaining strong responsiveness on consumer hardware.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about agentic AI</h3> <ul class="default-list"> <li>Is AI our agent, or are our governments becoming <a href="https://www.computerweekly.com/opinion/Is-AI-our-agent-or-are-our-governments-becoming-agents-for-AI">agents for AI</a>: Yet more billions are being spent on agentic AI, despite warnings of its potentially extreme fallibility. Just who are governments serving when they spout the messaging of Big Tech companies.</li> <li>‘Work is broken’. Can agentic AI fix it? <a href="https://www.computerweekly.com/feature/Work-is-broken-Can-agentic-AI-fix-it">Agentic AI</a> exposes flaws in enterprise workflows, highlighting weak data, unclear ownership and undefined processes, but better governance and integration can help.</li> </ul> </div> </div> <p>AMD sees such a system running autonomously rather like the pre-cloud era branch office servers, handling tasks sent by users through a browser user interface on another Windows PC, or via Slack or WhatsApp.</p> <p>PC makers that have “agent-ready” PCs include HP, Lenovo and Asus. The IDC figures show that revenue for servers with an embedded GPU in the fourth quarter of 2025 grew 59.1% year-over-year, representing more than half of the total server market revenue.</p> <p>The AMD Ryzen AI Max+ has an integrated GPU, and is currently one of the processor options for PCs certified as Copilot+ devices. While these devices are either laptops or desktop PCs with monitors, AMD’s Agent Computer appears to be positioned as more of a traditional desktop Windows PC running as a server, without a screen or keyboard. The setup AMD provides is optimised to run LM Studio. This uses Ubuntu on the WSL to provide access to large language models, which then work with an OpenClaw server running locally on the same hardware.</p> Lenovo and HPE pushed down as SuperMicro sees 134% AI growth, while AMD pushes on-premise Agent Computer https://cdn.ttgtmedia.com/visuals/German/article/datacenter-monitoring-3-adobe.jpg https://www.computerweekly.com/news/366640375/SuperMicro-takes-on-server-leaders-as-AMD-pushes-on-premise-AI Mon, 16 Mar 2026 10:45:00 GMT SuperMicro takes on server leaders as AMD pushes on-premise AI <p>Despite years of hype and technical development, most enterprise AI initiatives are stuck at the starting gate. But some large companies have made headway in deploying AI productively, starting with a foundation of organizational change.</p> <p>That generative AI (GenAI) and <a href="https://www.techtarget.com/searchcio/feature/Pillars-of-an-agentic-AI-strategy">AI agents</a> have yet to fulfill vendors' heady promises or be deployed widely at scale by enterprises has been the growing consensus among Big Tech leaders and market research reports so far this year.</p> <p>In January, PwC’s 29th Global CEO Survey report, based on <a target="_blank" href="https://www.pwc.com/gx/en/issues/c-suite-insights/ceo-survey.html" rel="noopener">responses from 4,454 chief executives</a>, found that 56% of respondents have not realized revenue or cost benefits from AI. Just 12% reported realizing benefits from AI in both categories.</p> <p>During the <a href="https://www.techtarget.com/searchitoperations/news/366638794/AI-security-worries-stall-enterprise-production-deployments">Cisco AI Summit</a> earlier this month, executives from Cisco, AWS, Google and OpenAI said that AI is moving faster than enterprise customers can absorb.</p> <p>At Insight Enterprises, a global systems integrator based in Chandler, Ariz., the disconnect between the breakneck pace of AI development in the industry and typical enterprise change management processes has been most evident so far in <a href="https://www.techtarget.com/searchitoperations/news/366631493/Harness-takes-aim-at-AI-bottleneck-with-DevSecOps-agents">software development</a>. This was true both internally during Insight's initial phases of adopting GenAI and among clients, according to the company's CTO for North America, Juan Orlandini.</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/orlandini_juan.jpg" alt="Juan Orlandini, CTO North America, Insight Enterprises">Juan Orlandini </div> <p>"That's actually a work in progress as an industry, and I'd be remiss telling you that we have it all figured out -- anybody that tells you that they've got it figured out, they're [wrong]," Orlandini said in an interview with Informa TechTarget. "Because we can generate code so quickly, we've forgotten the very front end of the application development cycle. … Part of the guidance that we give to customers is that, yeah, there are some parts of the workflow that have gotten significantly faster, but some of those structures that we've developed over 50, 60 years of running it properly -- don't forget those."</p> <p>Developers keen on shipping code faster with AI sometimes chafe at the enterprise change management processes that remain in place, Orlandini said. But these processes are crucial to weeding through a mass of prototypes to identify the projects that will have a significant impact on a business when deployed at scale.</p> <p>Take, for example, Insight's development of an AI agent for its website. The minimum viable product for that was developed using AI in three weeks, but it took three months for the rest of the change management process to vet the agent, Orlandini said.</p> <p>"The scaling and the continual verification and all that … security, cost controls and governance … developers typically tend to struggle against, but there's a reason why you have a security team and a governance team and a FinOps team," he said. "They're not there to prevent innovation. They're there to make sure that you're doing it fiscally responsibly."</p> <section class="section main-article-chapter" data-menu-title="People and process as an AI foundation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>People and process as an AI foundation</h2> <p>Friction remains between coding agents and the rest of the software development process, but an even bigger problem for enterprise AI lies in broader organizational change management issues. In a Feb. 4 Process Optimization Report by data processing firm Celonis, among <a target="_blank" href="https://www.celonis.com/insights/data-visualizations/process-optimization-report-it" rel="noopener">1,649 surveyed businesses</a>, the top three hurdles to AI in production were people and process problems: a lack of expertise, cited by 47% of respondents; misalignment between departments by 45%; and difficulties getting AI to understand business context by 45%. Difficulties driving automation across disjointed systems were also cited as a blocker by 34% of respondents.</p> <p>A comprehensive change management process for people in the organization that started early was even more important for AI adoption at Insight Enterprises than software delivery checks and guardrails. When ChatGPT launched in 2022, evaluating how people in the organization responded to it was a key part of how Insight assessed the potential benefits of the technology, Orlandini said. Before the company developed any AI apps, a "walled garden" for internal experimentation by 14,000 employees served as the setting for an organizational approach to AI change management.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The ones that were [saying] 'Burn it with fire' are finding out, 'This is a tool for me. I'd better use it, or I'm not going to be as useful to our company.' </figure> <figcaption> <strong>Juan Orlandini, </strong>CTO, North America, Insight Enterprises </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>During this early experimentation, Insight observed three categories of responses: highly -- sometimes overly -- enthusiastic early adopters; reluctant opponents of the technology; and, for the majority, "'Hey, this sounds really cool, but I don't know how to use it,'" Orlandini recalled. "'Where's the manual, where's the training?'"</p> <p>In response, the company created a training program and platform called Flight Academy, where users start from very basic knowledge, such as "What is a prompt?'" and progress into deeper prompts, then connect the results of those prompts to their work. As users progressed, they competed individually and as teams. Flight Academy was initially an internal tool at Insight, but the company now sells it to clients.</p> <p>"That lowered the barrier of entry for that broad middle group," Orlandini said. "The ones that were [saying] 'Burn it with fire' are finding out, 'This is a tool for me. I'd better use it, or I'm not going to be as useful to our company.' And the overly enthusiastic ones became some of the leaders."</p> </section> <section class="section main-article-chapter" data-menu-title="Evaluating 'a zillion good ideas'"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Evaluating 'a zillion good ideas'</h2> <p>Flight Academy helped prepare Insight Enterprises for AI, but there was more to AI change management than employee training. Next, the company had to whittle down "a zillion good ideas" to focus on the ones that would deliver an ROI for the business. To do that, Insight created a platform called Insight Prism, which it also now sells to clients.</p> <p>"We created an onboarding process for these ideas to be brought forth. Then [Prism] runs those ideas through an engine that spits out a business case and says, 'This idea is going to be amazing because it's going to generate this much more revenue, or it's going to save us this much more money,' or both," Orlandini said. It gives you a business justification for whether this thing is good or not. And for some of those ideas, the numbers are actually not so good, so we don't invest in those."</p> <p>There are other tools companies can use to evaluate ideas for AI apps, ranging from <a target="_blank" href="https://www.youtube.com/watch?v=eY3d5yFpKr8" rel="noopener">hosted cloud services</a> to open source AI <a target="_blank" href="https://phawm.org/" rel="noopener">risk assessment tools</a>. Ducker Carlisle, a global consulting and M&A firm, uses StackAI to host a similar platform for its citizen developers to build and evaluate apps created using AI agents. This decentralized approach to AI application development and evaluation emerged because the initial phase of adoption generated an overwhelming number of niche requests for the company's centralized engineering team, raising concerns that employees would resort to shadow AI, according to Fabien Cros, chief data and AI officer at Ducker Carlisle.</p> <p>In response, Cros drew on previous experience as data & AI country lead for manufacturing at Google Cloud in France to create a citizen developer and tool discovery program.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> When we see something that is rising fast, we look at it … and we ask, 'Can we do it better? Can we do it faster? Should we move it in-house?' </figure> <figcaption> <strong>Fabien Cros,</strong>Chief data and AI officer, Ducker Carlisle </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>"You let the users come up with ideas, build some stuff, even if it's limited, and then when you see adoption, you say, 'Is it core DNA for organization, or is it not?'" Cros said. "When it's not, you let it run through the [SaaS] platform and the [citizen developer] program. When it's core DNA you want deep monitoring. You want to control everything, end to end. It's like a pyramid, where you have a lot of use cases at the bottom, and then you bubble up the core use cases, and your central team [takes] over."</p> <p>Ducker Carlisle also uses gamification techniques to assess the popularity of users' apps, which is reflected in a leaderboard and a rating system akin to GitHub stars.</p> <p>"When we see something that is rising fast, we look at it and we say, 'That's a good use case, and apparently people like it,'" Cros said. "And we ask, 'Can we do it better? Can we do it faster? Should we move it in-house?'" </p> </section> <section class="section main-article-chapter" data-menu-title="'The hackathon mentality'"> <h2 class="section-title"><i class="icon" data-icon="1"></i>'The hackathon mentality'</h2> <p>Telus, a Canadian telecommunications and technology company, used its <a href="https://www.techtarget.com/searchitoperations/news/366627684/Infrastructure-as-code-tools-advance-platform-evolution">internal developer platform</a> (IDP) to host a hackathon where users tested AI tools, including AI infrastructure utilities, to determine which of the many choices in a teeming market would be most useful.</p> <p>"We really adopted the hackathon mentality, especially last year," said Kulvir Gahunia, site reliability office director at Telus. "It's [done in] a controlled environment, but at the same time, we didn't put guardrails on what users wanted to hack on. The tool they build might or might not help, but sometimes the technology to get to that point is a game-changer."</p> <p>One example of that is n8n, an AI workflow automation platform created by a company of the same name in Germany that has a <a target="_blank" href="https://github.com/n8n-io/n8n" rel="noopener">source-available, self-hostable free version</a>, which lent itself to use during the Telus hackathon.</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/harrison_dana.jpg" alt="Dana Harrison, principal site reliability engineer, Telus">Dana Harrison </div> <p>"In [about] 100 ideas that were submitted, something like 14 or 15 of them used n8n, so there were tons of little n8n instances running around," said Dana Harrison, principal site reliability engineer at Telus. "And we went, 'Oh, before this goes completely off the rails, this is clearly a need. So we met that need, got licensed, and we now have an agreement with n8n."</p> <p>Given how fast AI tools are emerging and changing, following those indications of user need are a good way for an enterprise platform team to keep up with what's important to secure and support, Harrison said. Three days into setting up n8n as part of the internal platform, it had 1,300 users.</p> <p>The fact that the company had already taken steps to centralize on an IDP based on CNCF's Backstage gave it a strong foundation for AI adoption. It had also taken steps to  consolidate its IT and business data using Dynatrace, and control and moderate corporate access to large language models with the Fuel iX platform. "We are trusted in what we do, which is a privileged place to be in," Harrison said of the Telus platform team. "What it also means is that when we develop, people listen."</p> <p>One of the early internal AI adoption wins for Telus was a Slackbot, combined with an open source <a target="_blank" href="https://github.com/turbopuffer" rel="noopener">search engine tool</a> called turbopuffer, that gave users an easy way to search Dynatrace data.</p> <p>It's a natural position for <a href="https://www.techtarget.com/searchapparchitecture/tip/Treat-platform-engineering-as-a-competitive-advantage">enterprise platform engineers</a> to be in, according to Gahunia -- AI was created to remove toil and offload repeated tasks, which is also the mission of platform teams, he said.</p> <p>"We really embrace that mantra," he said. "A lot of the stuff that we started coming out with was, 'Hey, we do this all the time. Let's just automate this piece. Can we now leverage this somewhere else? Oh, yes, we can.' And it just organically started growing into this path that we're on now."</p> </section> <section class="section main-article-chapter" data-menu-title="Final thoughts: lessons learned for IT leaders"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Final thoughts: lessons learned for IT leaders</h2> <p>Finding opportunities to automate and remove toil from existing workflows using AI helps center the most useful tools but can also be a good starting point for people fearful about being replaced by the technology, Gahunia said.</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/gahunia_kulvir.jpg " alt="Kulvir Gahunia, site reliability office director, Telus">Kulvir Gahunia </div> <p>"It helps remove that fear of, 'AI is taking over my job,' because [users can see how to] use AI to enhance [their] work," he said. "It's not going to replace you, but you can leverage it to enhance your work and the outcomes you deliver. … That's a very key message for any organization to drive adoption."</p> <p>For some workers, however, disruption is already undeniably taking place, Insight's Orlandini said, especially <a href="https://www.techtarget.com/searchsoftwarequality/news/366626735/Vibe-coding-with-AI-sparks-debate-reshapes-developer-jobs">among software developers</a>. AI is now performing the simple, entry-level tasks that used to help junior developers learn to build larger, more complex systems. Senior developers sometimes find themselves in a role more like a product manager, without the craft of developing code they've spent years honing and have come to enjoy.</p> <p>"We need to be very mindful as leaders of understanding that this isn't just a technology thing," Orlandini said. "We have to manage the people and manage the expectations as much as we have to be able to consume this new capability."</p> <p>For junior developers, managers should encourage them to start thinking about "the whys, rather than the hows, of building applications," he said. For senior developers, if a product manager role doesn't suit them, leaders should find other ways to put their expertise to use for the organization.</p> <p>"People are wary of change because change implies the unknown -- help them through that unknown," Orlandini said. "Any amount of education that you put into your organization is going to pay dividends down the road.</p> <p>"The other thing I tell IT leaders is, don't forget your roots. All the things that we've learned over the decades that we've been doing in IT still apply. Some of the things might happen faster, but not all of them, and some of the fundamentals are still there."</p> <p><i>Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism. Have a tip? </i><a href="mailto:beth.pariseau@informatechtarget.com?subject=News%20tip"><i>Email her</i></a><i>.</i></p> </section> An Insight Enterprises CTO, an ex-Google AI lead, and SRE leaders from Telus offer tips to enterprise IT leaders struggling to cut through AI noise and realize business value. https://cdn.ttgtmedia.com/rms/onlineimages/maze_g1289937803.jpg https://www.techtarget.com/searchitoperations/news/366640354/IT-leaders-share-enterprise-AI-change-management-tips Mon, 16 Mar 2026 10:06:00 GMT IT leaders share enterprise AI change management tips <p>Rapid, enthusiastic enterprise AI adoption has had some unanticipated consequences. Among them is the global RAM shortage that has shaken the tech market.</p> <p>The AI data centers that power the tools we use every day require substantial memory to run their workloads. <a href="https://www.computerweekly.com/news/366635013/Chip-makers-warn-of-a-looming-shortage-in-DRAM-and-SSD">Hyperscalers and data center developers bought large amounts of memory</a> to provide this capability. However, manufacturing constraints, coupled with competition from the consumer market, have led to a memory shortage that began in 2025.</p> <p>To counter the shortage, distributors tried limiting consumer purchases of hardware, and some manufacturers pivoted from consumer sales to high-demand, enterprise clients. As we enter 2026, the shortage persists. This begs the question: Will the global memory shortage impact enterprise AI adoption and innovation?</p> <section class="section main-article-chapter" data-menu-title="Understanding the DRAMa"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding the DRAMa</h2> <p><a href="https://www.techtarget.com/searchstorage/definition/RAM-random-access-memory">RAM</a> is short-term computer memory that stores data for devices so it's readily available. It's mainly sold as dynamic RAM, or DRAM, which provides memory for all types of computers, including smartphones, gaming consoles and laptops.</p> <p>In 2025, AI expansion exploded as hyperscalers raced to build data centers capable of supporting large-scale AI models, like ChatGPT, Claude and Gemini, that enterprises and individuals use. According to McKinsey & Company's 2025 State of AI <a target="_blank" href="https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai" rel="noopener">survey</a>, 88% of respondents said their organizations regularly use AI in at least one business function. AI has become an integral part of some business functions and workloads, and organizations are intent on maintaining or scaling them.</p> <p>However, AI data centers require more memory than RAM and DRAM alone can provide. So, manufacturers and vendors shifted away from the production and distribution of RAM and DRAM to <a target="_blank" href="https://www.techtarget.com/whatis/definition/high-bandwidth-memory" rel="noopener">high-bandwidth memory</a>. HBM transfers data faster than RAM and DRAM, while optimizing its power consumption. It uses multiple DRAM dies stacked on top of one another to power its storage capabilities. With all the DRAM being purchased for AI storage and demand for HBM exceeding production capacity, a memory shortage has ensued.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/typical_data_center_equipment-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/typical_data_center_equipment-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/typical_data_center_equipment-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/typical_data_center_equipment-f.png 1280w" alt="A diagram showing the equipment a data center requires. " data-credit="TechTarget" height="453" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Data memory and storage are among the components that let data centers provide AI services. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The memory shortage has affected consumer markets, prompting distributors worldwide to <a target="_blank" href="https://www.reuters.com/world/china/ai-frenzy-is-driving-new-global-supply-chain-crisis-2025-12-03/" rel="noopener">ration hardware</a>, like SSDs that provide virtual RAM, and to raise prices. Enterprises are also facing high hardware and device prices, as well as rising prices from cloud vendors that provide AI tools and infrastructure and have to absorb or pass on the increasing cost of memory.</p> <p>"Cloud and SaaS providers can absorb some of the supply-side shock, but they don't remove the cost," said Jeff Groom, director of engineering, AI, at Acre Security, which provides cloud and physical security technology. "In practice, those constraints often manifest elsewhere through pricing changes, usage caps, throttling or performance trade-offs. The shortage doesn't disappear; it just becomes less visible inside a service layer."</p> <p>The scalability, efficiency and processing power of HBM let AI systems continue to operate. With HBM devices in short supply, can enterprises continue to adopt and scale AI?</p> </section> <section class="section main-article-chapter" data-menu-title="What the memory shortage means for enterprise adoption"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What the memory shortage means for enterprise adoption</h2> <p>With 88% of organizations reporting that they use AI in at least one business function, it's clear they are serious about <a target="_blank" href="https://www.techtarget.com/searchenterpriseai/tip/10-steps-to-achieve-AI-implementation-in-your-business" rel="noopener">implementing AI</a>. Faced with the current memory shortage, enterprises still seeking to adopt and scale AI are turning to the cloud said Alvin Nguyen, a senior analyst at Forrester Research.</p> <p>"Bosses don't want to have to become subject matter experts if they don't have to. I think cloud kind of helps," he said. "Most companies just need to know they can run the AI models that meet regulations, provide an ROI and beat out the other solutions."</p> <p>That has always been a major <a target="_blank" href="https://www.techtarget.com/searchcloudcomputing/tip/Evaluate-on-premises-vs-cloud-computing-pros-and-cons" rel="noopener">benefit of cloud services</a>: replacing the complexity of purchasing and owning on-premises hardware with pay-as-you-go compute services delivered by experts who can help as needed. But if cloud prices are just going to increase in response to the memory shortage, as Groom predicts, is this an adequate solution to the problem? It could be if the only other option to retain a competitive advantage with AI is to own and run the hardware on-premises.</p> <p>For enterprises that do depend on owning their own hardware, Nguyen suggested what many are already doing: stockpiling now while possible. However, he also has other tips: Keep what you have longer or start buying used.</p> <p>"Why buy yesterday's technology for today's prices?" he asked. "If you can go used, go with used IT assets. That may drive new behaviors and cause changes in the secondary market. This doesn't just impact AI; it impacts everything with IT."</p> <p>Despite the memory shortage, Groom doesn't believe enterprises should be solely focused on the hardware. Instead, this will test the <a target="_blank" href="https://www.channelfutures.com/artificial-intelligence/3-keys-ai-resilient-business" rel="noopener">resiliency</a> of businesses' AI systems.</p> <p>"When RAM becomes expensive or constrained, weak architecture gets exposed," he said. "Many organizations built AI strategies around large, general-purpose models rather than using smaller models tuned for specific tasks, which would be more efficient and more predictable."</p> <p>Whether organizations shift to buying used hardware or migrate to cloud services, "a RAM shortage is unlikely to slow enterprise AI adoption on its own," Groom said.</p> </section> <section class="section main-article-chapter" data-menu-title="What's next in the memory market?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What's next in the memory market?</h2> <p>Experts agree that the memory shortage isn't permanent. However, it could take <a target="_blank" href="https://www.cnbc.com/2026/01/26/memory-chip-shortage-synopsys-lenovo-ai-data-centers.html" rel="noopener">two years</a> to see relief and a market correction from the effects of the shortage. And a lot can happen in two years.</p> <p>The memory shortage "will reward organizations with disciplined architecture and strong controls, and expose the ones that scaled faster than their guardrails," Groom said. An extended shortage like the one we're experiencing could open some organizations to <a target="_blank" href="https://www.techtarget.com/searchdatamanagement/tip/AI-data-governance-is-a-requirement-not-a-luxury" rel="noopener">AI security and governance</a> concerns, he added.</p> <p>"When RAM or GPU capacity becomes a bottleneck, teams are more likely to look for workarounds to keep projects moving," Groom said. "That can lead to merged workloads, weaker separation controls or shortcuts in deployment and access management if governance isn't strong."</p> <p>According to Forrester's Nguyen, this shortage could create an extreme market correction if manufacturing can't keep pace with demand. However, hyperscalers are continuing to buy memory wherever they can, often at inflated prices, to maintain their competitive advantage.</p> <p>"Having a clear advantage can sway who you go with," he said. "Hyperscalers are basically locked into this until they see it's time to quit, whether one of their competitors or multiple competitors quit funding this AI race or until customers declare a winner by dumping the other [hyperscalers]. It's a race to the finish," he said.</p> <p>However, instead of crossing a finish line, Nguyen said we could end up popping a bubble, or even bubbles. Without realizing more gains and innovation from AI, or if we experience severe market correction spurred by other shortages or disruptions to AI development, the proverbial sword of Damocles could fall, and the AI bubble could burst. While it might be painful for global markets, Nguyen said he doesn't think this will be the end.</p> <p>"Saudi Arabia, U.K., U.S., Japan, China, all of these countries are invested," he said. "I have a feeling it's going to be too big to fail. Not that they don't come out without pain."</p> <p><i>Everett Bishop is the assistant site editor for AI & Emerging Tech and the previous assistant site editor for SearchCloudComputing. He graduated from the University of New Haven in 2019.</i></p> </section> Enterprises bought up computer memory to fuel AI adoption. Now, amid a memory shortage, analysts share insights on what this means for enterprise AI adoption and what's next. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a205627811.jpg https://www.techtarget.com/searchenterpriseai/feature/Is-the-AI-memory-shortage-stifling-enterprise-adoption Mon, 16 Mar 2026 09:54:00 GMT Is the AI memory shortage stifling enterprise adoption? <p>Aetna has agreed to pay $117.7 million to resolve allegations that it violated the False Claims Act by submitting inaccurate or untruthful diagnosis codes for its Medicare Advantage Plan enrollees, according to a Department of Justice <a href="https://www.justice.gov/usao-edpa/pr/aetna-agrees-pay-1177-million-resolve-allegations-it-violated-false-claims-act">press release</a>.</p> <p>The alleged practice can result in fraudulent overpayments to Medicare Advantage plans, which United States Attorney General David Metcalf said is a diversion of government resources.</p> <p>"The government pays Medicare Advantage Organizations to facilitate vital healthcare to our seniors and other vulnerable citizens," Metcalf said in the press release. <br>"When corporations or individuals threaten the Medicare Advantage program by diverting those limited government resources through fraud, waste or abuse, we will continue to pursue all available remedies against them."</p> <p>Medicare Advantage operates by having plans submit diagnosis codes to the Centers for Medicare & Medicaid Services (CMS) to <a href="https://www.healthcaredive.com/news/cms-proposed-2027-advance-notice-chart-reviews-medicare-advantage/810549/">determine the monthly payment each plan will receive</a>. Those diagnosis codes inform risk adjustment, which ensures plans that cover sicker or more complex patients -- meaning patients who are more expensive to cover -- will get higher monthly payments.</p> <p>The lawsuit contends that Aetna submitted diagnosis codes to CMS that inaccurately or untruthfully inflated its <a href="https://www.techtarget.com/healthtechanalytics/feature/Using-Risk-Scores-Stratification-for-Population-Health-Management">risk pool</a>.</p> <p>In 2015, the payer received charts from its contracted provider partners for individuals covered by Aetna's Medicare Advantage plan. Typically, Medicare Advantage plans use these charts to conduct a chart review and then submit diagnosis codes to CMS.</p> <p>But according to the court, Aetna submitted additional diagnosis codes to CMS "that the healthcare providers had not reported for the beneficiaries to obtain additional payments from CMS," the court said.</p> <p>As part of the lawsuit, the United States argued that Aetna used its chart reviews to seek additional payments from CMS but did not use those same results when it provided information about potential overpayments. A total of $106,200,000 of the settlement amount resolves those allegations, the Department of Justice said.</p> <p>The remaining $11,500,000 of the settlement will resolve allegations that between 2018 and 2023, Aetna knowingly submitted or failed to delete inaccurate and untruthful diagnosis codes for morbid obesity among individuals without a BMI to substantiate those diagnosis codes. This resulted in overpayments from CMS, the court said.</p> <p>"Medicare Advantage relies on accurate reporting and attempts to manipulate the system undermine both the program's integrity and the beneficiaries it serves," Acting Deputy Inspector General for Investigations Scott J. Lampert of the U.S. Department of Health and Human Services, Office of Inspector General, said in a statement.</p> <p>"Today's settlement makes clear that no company is beyond accountability, no matter how large or well known. Those who seek to exploit Medicare Advantage should expect to be identified and held responsible, and HHS‑OIG will continue to protect taxpayer funds and the integrity of this vital program."</p> <p>According to Assistant Attorney General Brett A. Shumate of the Justice Department's Civil Division, Medicare Advantage plans can expect the Department to continue monitoring for fraudulent practices.</p> <p>"The government pays private insurers over $530 billion each year to care for Americans enrolled in Medicare Advantage,” Shumate said in the press release. "We will continue to hold accountable insurers that knowingly submit inaccurate or unsupported diagnoses to improperly inflate reimbursement."</p> <p><i>Sara Heath has reported news related to patient engagement and health equity since 2015.</i></p> The Department of Justice said Aetna submitted inaccurate diagnosis codes to untruthfully inflate its risk pool. https://cdn.ttgtmedia.com/rms/onlineimages/legal_g1065824400.jpg https://www.techtarget.com/healthcarepayers/news/366640455/Aetna-to-pay-1177M-to-settle-Medicare-Advantage-false-claims-case Mon, 16 Mar 2026 09:11:00 GMT Aetna to pay $117.7M to settle Medicare Advantage false claims case Search IoT Resources and Information from TechTarget 60 webmaster@techtarget.com