Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Sun, 15 Mar 2026 21:56:48 GMT https://www.techtarget.com/searchenterprisedesktop editor@techtarget.com <p>DevOps shapes the way engineers build and deploy software. But it's not an engineering role in and of itself. It's an operating model that is powered by a variety of distinct roles.</p> <p>This is why simply creating positions with titles such as <a href="https://www.techtarget.com/searchitoperations/definition/DevOps-engineer"><i>DevOps engineer</i></a> is often not enough on its own to implement an effective DevOps strategy. Instead, businesses seeking to launch and scale DevOps initiatives must invest in a variety of roles to address the skills required to sustain DevOps.</p> <p>Indeed, without clearly defined DevOps job roles and responsibilities, organizations risk falling into the trap of saying they "do DevOps" without actually implementing DevOps effectively. The result is that the business misses out on the important benefits that effective DevOps offers, such as faster time to market, more efficient software development processes, better ROI from software and higher-quality software releases.</p> <p>Read on for details as we unpack the key DevOps roles that a typical organization should target, along with descriptions of the responsibilities and <a href="https://www.techtarget.com/searchitoperations/tip/DevOps-engineer-skills-needed-for-continuous-deployment">skills associated with each</a>. This article also explains how to structure DevOps roles so that team members with diverse areas of expertise can work together effectively toward the shared goal of faster, more efficient software releases.</p> <section class="section main-article-chapter" data-menu-title="12 core DevOps roles and responsibilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>12 core DevOps roles and responsibilities</h2> <p>DevOps roles can vary somewhat from one organization to another.</p> <p>For example, for a business that relies heavily on cloud-based software release pipelines, cloud architects are an important component of effective DevOps. This wouldn't be the case for an organization that builds and deploys software on-premises.</p> <p>That said, the following 12 key roles and their associated responsibilities are foundational to most DevOps strategies.</p> <h3>1. Software developers</h3> <p>Code is at the core of <a href="https://www.techtarget.com/searchitoperations/tip/Demystify-the-DevOps-process-step-by-step">DevOps processes</a>, and the people who write code are at the core of a DevOps organization. Hence, software developers play a key role in DevOps.</p> <p>Developers' key responsibilities within DevOps include these tasks:</p> <ul type="disc" class="default-list"> <li>Helping to formulate high-level plans for application architecture and features.</li> <li>Implementing and updating applications by writing code.</li> <li>Fixing code to address problems detected by IT, QA or security engineers -- such as performance bugs or security vulnerabilities.</li> </ul> <p>Ideally, your DevOps strategy is powered by developers who have two main traits. First, they are flexible in their <a href="https://www.techtarget.com/searchapparchitecture/tip/9-low-code-development-tools-to-know">development tool set</a>. They know a variety of programming languages and are familiar with different app development strategies, including Agile methodologies. This flexibility helps your team adjust and improve continuously.</p> <p>Second, developers who support DevOps must have at least a working understanding of what happens to code after it's deployed, as the core focus of DevOps is bridging the gap between software development and post-deployment software management. Developers don't need to be system administration experts, but they should know how to manage production environments and recognize the challenges IT teams face as they manage code after deployment. This knowledge is required to break down the silo structure that separates development from IT operations.</p> <h3>2. IT operations engineers</h3> <p>IT operations engineers -- sometimes called <i>IT engineers</i> -- are the <i>ops</i> in DevOps. Their core responsibilities under a DevOps operating model include the following:</p> <ul type="disc" class="default-list"> <li>Provisioning and deploying the infrastructure necessary to host software.</li> <li>Deploying new software releases.</li> <li>Monitoring and observing software in production environments to detect issues and, where necessary, collaborating with developers to fix them.</li> </ul> <p>DevOps requires IT engineers who are competent in IT operations, but ideally, they are more than that. They understand the <a href="https://www.techtarget.com/searchsoftwarequality/tip/The-stages-of-the-SDLC-explained">software development process</a> workflows and can collaborate with developers to reduce the friction that occurs when developers hand off code for deployment.</p> <p>Look for IT engineers who know how to code. Ideally, they have experience writing not just simple system administration scripts but also application code. This knowledge will enable more effective collaboration with developers.</p> <p>Key roles in a successful DevOps team span coding, security and UX expertise, as well as nontechnical areas.</p> <h3>3. DevOps engineer</h3> <p>Although simply hiring DevOps engineers is hardly enough to excel in DevOps, this role is vital because it helps implement the tools and infrastructure that enable DevOps processes.</p> <p>To this end, DevOps these are engineers' key areas of responsibility:</p> <ul type="disc" class="default-list"> <li>Implementing and managing <a href="https://www.techtarget.com/searchsoftwarequality/CI-CD-pipelines-explained-Everything-you-need-to-know">CI/CD pipelines</a>.</li> <li>Building automations to help streamline application releases and infrastructure management, often with the help of infrastructure-as-code frameworks.</li> </ul> <p>Coding is an essential skill for DevOps engineers, but typically, they write automation code rather than application code.</p> <p>Good DevOps engineers also have a strong understanding of infrastructure design principles and the ability to work with a wide variety of infrastructure platforms -- such as Kubernetes and the various public clouds that an organization might use.&nbsp;</p> <h3>4. Systems architects</h3> <p>DevOps doesn't require a specific architecture. Success isn't determined by whether you host workloads on-premises or in the cloud, nor will it necessarily matter which OSes you use. Still, a team that wants to design a DevOps-friendly architecture should keep certain goals in mind -- which is where systems architects come in.</p> <p>The core responsibilities of systems architects under DevOps include the following:</p> <ul type="disc" class="default-list"> <li>Assessing various options for hosting DevOps tools, such as <a href="https://www.techtarget.com/searchcloudcomputing/tip/Evaluate-these-9-multi-cloud-management-platforms">different cloud environments</a>, and deciding which best meet business needs.</li> <li>Planning and overseeing the implementation of integrations among DevOps tools.</li> <li>Managing and monitoring CI/CD pipelines to help keep DevOps processes running smoothly.</li> </ul> <p>Systems architects' roles are similar to those of DevOps engineers, as both focus on managing the tools and infrastructure that power DevOps processes. The difference is that systems architects specialize in the high-level design of DevOps tools and infrastructure, whereas DevOps engineers usually focus more on the implementation.</p> <p>That said, the overlap between these roles means that some organizations combine them by writing job descriptions that are broad enough for DevOps engineers to cover systems architect responsibilities, and vice versa.</p> <h3>5. QA engineers</h3> <p>Although developers have become more directly involved in software testing in recent years, QA engineers still play a valuable DevOps role. They assist with these essential tasks:</p> <ul type="disc" class="default-list"> <li>Designing and writing <a href="https://www.techtarget.com/searchsoftwarequality/definition/automated-software-testing">automated tests</a> that check software releases for performance and reliability before they are deployed.</li> <li>Running manual tests in cases where automated testing isn't possible or practical, such as when testing a specialized type of application that isn't supported by an automated testing framework.</li> <li>Assessing the results of software tests and working with developers to address bugs detected during testing.</li> </ul> <p>QA engineers focus specifically on defining quality standards for performance, reliability and other factors before software is pushed into production. It's their responsibility to design and run tests that assess whether each new release meets those requirements as it flows through the CI/CD pipeline.</p> <p>In some ways, the work performed by QA engineers might seem at odds with other DevOps goals. Inefficient software testing introduces delays to the CI/CD process, which hampers the fundamental DevOps goal of CD. To support DevOps most effectively, QA engineers should understand how to maintain software quality and minimize disruptions to other DevOps processes. There are several ways to do this.</p> <p>One technique is to embrace <a href="https://www.techtarget.com/searchsoftwarequality/definition/shift-right-testing">shift-right testing</a> for noncritical features. This enables some tests to run after code is deployed, reducing the number of tests that run pre-deployment and getting new releases into production faster. This strategy would be inappropriate for critical features -- those should be tested <i>before</i> deployment -- but it works well for testing smaller application components that won't cause serious problems if they fail a post-deployment test.</p> <p>Good QA engineers can also write efficient tests that run quickly and automatically. They should know the ins and outs of <a href="https://www.techtarget.com/searchsoftwarequality/tip/The-basics-of-implementing-an-API-testing-framework">test automation frameworks</a>, such as Selenium, and be skilled at writing tests that cover a lot of ground without taking a long time to run. They must also know how to interpret test results quickly and communicate to developers how to fix whatever caused the failure. Effective communication between developers and QA engineers in this regard is essential to maintaining the CI/CD pipeline flow even when a test fails.</p> <h3>6. UX engineers</h3> <p>A UX engineer isn't necessarily a DevOps role that immediately comes to mind. An expert who can ensure that software pleases end users, though, adds value to your DevOps process by addressing the following responsibilities:</p> <ul type="disc" class="default-list"> <li>Collaborating with developers during the software design process to ensure that user needs and expectations remain front and center.</li> <li>Prototyping and testing user interfaces.</li> <li>Interfacing with end users to determine whether existing interface capabilities best meet their needs and expectations, and if not, devising ways to improve.</li> </ul> <p>UX work is especially important because it's easy to fixate on the technical aspects of DevOps, such as how often a team releases software or how many tests it runs per release cycle. The goal of DevOps shouldn't be merely to deliver software quickly and efficiently; you also want software that delights users. UX engineers can help the rest of the DevOps team maintain that focus.</p> <h3>7. Security engineers</h3> <p>Security engineers -- specifically, ones who <a href="https://www.techtarget.com/searchitoperations/feature/5-DevSecOps-best-practices-to-prioritize">understand DevSecOps</a> and can put its tenets into practice -- are another core part of a DevOps organization. They bring a specific and important set of skills to the process:</p> <ul type="disc" class="default-list"> <li>Coordinating with developers to plan secure application architectures.</li> <li>Coordinating with IT engineers to design secure infrastructure environments.</li> <li>Testing applications for security risks and collaborating with developers and IT engineers to mitigate them.</li> </ul> <p>To implement DevSecOps, an organization must establish tools and processes that enable developers, security engineers and IT professionals to collaborate on security operations. All three stakeholder groups should have visibility into security issues so they can address them efficiently. Likewise, developers should be prepared to communicate with security engineers early and often to help design code that is secure from the start. IT engineers should work closely with the security team to ensure that their deployment and management processes follow best practices regarding application and infrastructure security.</p> <h3>8. DevOps evangelists</h3> <p>Not everyone will understand what DevOps means or why the organization should invest in the new tools, processes and people necessary to support it. A DevOps evangelist can help smooth over objections to the technology and organizational changes that DevOps adoption demands by covering the following areas of responsibility:</p> <ul type="disc" class="default-list"> <li>Providing general guidance on what it takes to <a href="https://www.techtarget.com/searchitoperations/tip/Target-tangible-IT-goals-during-a-DevOps-culture-shift">build a DevOps-centric culture</a>.</li> <li>Explaining to engineers how DevOps makes their work more efficient.</li> <li>Serving as a bridge between business leaders and technical staff when planning and implementing DevOps strategy.</li> </ul> <p>Although some organizations hire dedicated DevOps evangelists, it's also common for businesses to select team members from other DevOps roles to serve as <i>DevOps champions</i>.</p> <h3>9. Site reliability engineer</h3> <p>One can debate whether a site reliability engineer (<a href="https://www.techtarget.com/searchitoperations/definition/site-reliability-engineering-SRE">SRE</a>) is a core DevOps role or merely a complement to DevOps. Either way, it's hard to deny that having SREs on hand is a good thing for DevOps. SREs can accelerate DevOps by covering these responsibilities:</p> <ul type="disc" class="default-list"> <li>Working with developers and IT engineers to design stable, high-performing applications and infrastructure.</li> <li>Monitoring production environments for performance issues.</li> <li>Taking the lead in incident response by mitigating failures efficiently.</li> </ul> <p>To an extent, these responsibilities overlap with other DevOps roles, such as IT engineers (who also play a role in application monitoring) and QA engineers (who run tests to detect performance issues). An important difference, however, is that SREs usually rely heavily on code-based automation to perform their work. This can help make the work of assessing and managing reliability more scalable and efficient, which shows how SREs can add value even in organizations that already have their core DevOps responsibilities covered.</p> <h3>10. Cloud engineer</h3> <p>As noted above, organizations that depend heavily on cloud computing might choose to include <a href="https://www.techtarget.com/searchcloudcomputing/definition/cloud-engineer">cloud engineers</a> within their DevOps teams. Cloud engineers bear primary responsibility for these tasks:</p> <ul type="disc" class="default-list"> <li>Administering cloud environments.</li> <li>Deploying applications to the cloud and managing them when they are there.</li> <li>Integrating the disparate tools and services that exist between clouds in a multi-cloud strategy.</li> </ul> <p>This work can overlap substantially with that of IT engineers, who also deploy and manage applications. However, cloud engineers bring distinct expertise with cloud environments and tools, which more general types of IT engineers sometimes lack.</p> <h3>11. Automation engineer</h3> <p>An <a href="https://www.techtarget.com/searchitoperations/definition/automation-engineer">automation engineer</a> is another potential type of DevOps role that can be helpful for some organizations. It includes the following key responsibilities:</p> <ul type="disc" class="default-list"> <li>Designing and implementing automated workflows.</li> <li>Optimizing automated processes to make them more efficient and mitigate risk.</li> <li>Troubleshooting and mitigating disruptions to automated workflows.</li> </ul> <p>In the context of DevOps, these responsibilities can overlap with those of DevOps engineers and systems architects, both of whom also focus on automation. But an automation engineer can be a broader role that drives automation across all workflows, not just those specifically related to DevOps. In this way, automation engineers can help bridge the gap between DevOps processes and other workflows that the business depends on.</p> <p>Note, too, that automation engineers can be especially valuable for organizations experimenting with new types of automation tools, such as AI agents. These have not traditionally featured in DevOps workflows, where automation has conventionally depended on scripts instead, but automation engineers versed in applying emerging technology can help organizations take advantage of cutting-edge automation solutions such as agentic AI.</p> <h3>12. AI DevOps engineer</h3> <p>Speaking of AI, some organizations are now creating AI DevOps engineer roles, whose main responsibilities include the following:</p> <ul type="disc" class="default-list"> <li>Using AI to automate CI/CD pipelines.</li> <li><a href="https://www.techtarget.com/searchenterpriseai/tip/Top-generative-AI-tool-categories">Implementing and managing AI tools</a> that can accelerate core DevOps processes, such as software development.</li> <li>Helping to ensure that the DevOps team's use of AI tools remains compliant and secure.</li> </ul> <p>Whether it's necessary to devote a DevOps role specifically to AI is debatable; these responsibilities could also be addressed by other engineers, who are increasingly integrating AI into their workflows. But given the complexity of modern AI -- and the deep compliance and security challenges it presents -- a dedicated AI DevOps engineer position can make sense.</p> </section> <section class="section main-article-chapter" data-menu-title="Structuring DevOps roles in your organization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Structuring DevOps roles in your organization</h2> <p>Once you've identified the roles that enable DevOps, you need to combine or coordinate them into an actual DevOps team. This can be a major challenge because the DevOps philosophy makes no specific recommendations about how to structure DevOps teams or integrate DevOps into existing teams.</p> <p>Most businesses choose one of the following approaches to structuring DevOps personnel:</p> <ul type="disc" class="default-list"> <li><b>Replace dev and ops with DevOps.</b> Eliminate separate development and IT operations departments entirely and replace them with a dedicated DevOps team. The new team can include stakeholders from other domains, such as QA, or you can manage roles other than dev and ops as their own teams. This approach works well if you want to structure your entire organization around DevOps and never look back, but it requires a major organizational overhaul. You must also convince all your developers and IT engineers to embrace a new identity as DevOps specialists, which can be culturally jarring.</li> <li><b>Run DevOps alongside dev and ops.</b> Keep your existing development and IT operations teams intact, with a separate DevOps team that operates alongside them and coordinates activities. With this approach, developers and engineers <a target="_blank" href="https://www.devopsbay.com/blog/it-vs-dev-ops-understanding-key-differences-and-similarities" rel="noopener">retain their identities</a> and independence as you integrate DevOps into the overall organization. However, you'll have to build a new DevOps team from scratch and convince other teams to work with it.</li> <li><b>Embed DevOps engineers into other teams.</b> This hybrid approach embeds DevOps specialists into your existing dev and ops departments. It requires minimal organizational or cultural change -- but sprinkling DevOps engineers across existing teams might not be enough to fully embrace DevOps. You might end up with an organization that does <i>DevOps lite</i> instead of a total DevOps transformation.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Conclusion: The importance of a clear DevOps role definition"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion: The importance of a clear DevOps role definition</h2> <p>A large part of DevOps' success boils down to defining the right roles. The DevOps roles an organization needs can vary somewhat depending on factors such as the technologies it uses and how broad or narrow it makes certain job descriptions. Ultimately, the goal should be to ensure that all key DevOps responsibilities -- software development and deployment, QA, security, tool management and infrastructure management -- are covered within a holistic operating model.</p> <p>Note as well that leadership alignment is critical to translating DevOps roles into a collaborative DevOps team. Business leaders must clearly define each role's responsibilities and how it complements others. They must also set clear goals and priorities for DevOps team members to pursue. This can be done, for example, by articulating how extensively the business chooses to <a href="https://www.techtarget.com/searchitoperations/tip/What-to-expect-as-AI-for-DevOps-advances-in-the-enterprise">integrate AI into its workflows</a> or determining the balance it seeks between software reliability and release velocity.</p> <p>Finally, it's important to keep in mind that DevOps roles should evolve as organizations mature. Smaller companies, or those that develop and manage a small number of applications, often don't require so many distinct DevOps roles. They might, for instance, fold QA engineering responsibilities into developer roles, because they don't need to perform enough software tests to justify a dedicated QA engineering role.</p> <p>But over time, as DevOps processes scale up and become more complex, it's common for organizations to build out their DevOps team structure to include all key roles.</p> <p><i>Chris Tozzi is a freelance writer, research adviser, and professor of IT and society. He has previously worked as a journalist and Linux systems administrator.</i></p> </section> More than most IT initiatives, DevOps is built around people. Involve the right professionals, and get those people primed to work in concerted ways. https://cdn.ttgtmedia.com/visuals/searchOracle/applications/oracle_article_001.jpg https://www.techtarget.com/searchitoperations/feature/Know-the-key-DevOps-roles-and-responsibilities-for-team-success Wed, 18 Mar 2026 00:00:00 GMT <p>DevOps success depends, in part, on implementing the right technical tools and processes.</p> <p>But equally essential is an effective DevOps culture within the organization -- one that celebrates core DevOps values, such as collaboration and <a href="https://www.techtarget.com/searchitoperations/definition/IT-automation">automation</a>. It's only by baking DevOps culture into the way stakeholders think and act that organizations can bridge the gap between DevOps theory and DevOps practice.</p> <p>It's critical for business leaders to help instill a healthy DevOps culture within their organizations and to evolve and scale DevOps cultural values over time. This article explains the factors that go into a DevOps culture, practical ways to build a strong culture and how to measure and improve its effectiveness.</p> <section class="section main-article-chapter" data-menu-title="Core pillars of DevOps culture"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Core pillars of DevOps culture</h2> <p>Although the notion of a <i>DevOps culture</i> might seem fluffy at first, it's a concrete concept that aligns with specific DevOps values and practices. An effective DevOps culture is based on the following core characteristics.</p> <h3>1. Collaboration</h3> <p>The core purpose of DevOps is to <a href="https://www.techtarget.com/searchsoftwarequality/tip/Improving-DevOps-collaboration-Challenges-and-tips">enable collaboration</a>. Traditional approaches to DevOps emphasized collaboration between software developers and IT operations teams, but the concept now often also brings other stakeholders -- such as QA engineers and security engineers -- into the fold. To do DevOps effectively, organizations need these various roles to collaborate and coordinate around software delivery and management.</p> <p>To that end, DevOps culture is marked by a collaboration-first mindset. <a href="https://www.techtarget.com/searchitoperations/definition/DevOps-engineer">Engineers</a> should instinctively aim to work together on completing tasks whenever appropriate, with or without formal collaboration structures in place.</p> <p>Engineers should also assess how their areas of focus -- such as software development or security -- complement others, with the goal of ensuring that the work they perform never comes at the expense of other priorities. For instance, when developers plan a new application feature, they should think, "How will this affect post-deployment manageability for the IT ops team?" or "What are the security implications?"</p> <p>When thoughts such as these are a natural part of DevOps processes, it's a sign that the organization has a healthy DevOps culture.</p> <h3>2. Shared ownership and accountability</h3> <p>Shared ownership and accountability go hand in hand with collaboration. It's only when engineers think in terms of <i>our</i> goals and responsibilities, rather than <i>my</i> goals and responsibilities, that collaboration fully flourishes.</p> <p>This doesn't mean that engineers embracing a DevOps culture perform all work collectively or don't have individual areas of responsibility or focus. On the contrary, a diverse range of <a href="https://www.techtarget.com/searchitoperations/feature/Know-the-key-DevOps-roles-and-responsibilities-for-team-success">specializations and roles</a> are central to DevOps. At the same time, stakeholders should consider how their work affects team outcomes.</p> <p>Equally important, when something goes wrong -- such as a major software defect that engineers fail to detect before deploying an app -- the response should center on improving processes for the team as a whole to prevent the mistake from recurring, rather than blaming individuals.</p> <h3>3. Automation</h3> <p>A cultural emphasis on automation advances DevOps by inclining engineers to prefer automation whenever possible.</p> <p>This is important because, although automation is essential for scaling DevOps processes and making them more efficient, stakeholders can sometimes be reluctant to fully embrace it. They might worry that they can't trust automations or that if they automate too much, their jobs will go away. The latter concern has become especially relevant as <a href="https://www.techtarget.com/searchenterpriseai/tip/9-top-AI-and-machine-learning-trends">AI has become increasingly common</a> in workflows.</p> <p>A healthy DevOps culture is characterized by positive views of automation. Engineers should view automation tools as a way to reduce toil and tedium, not as a way to replace humans. They should also understand that keeping humans in the loop by requiring human oversight of automated processes is important for mitigating risks, such as tools taking undesirable automated actions.</p> <h3>4. Learning and continuous improvement</h3> <p>A final pillar of effective DevOps culture is a desire to learn and improve continuously.</p> <p>DevOps should never be a one-and-done affair; organizations shouldn't adopt <a href="https://www.techtarget.com/searchitoperations/feature/Review-the-top-configuration-management-tools-in-DevOps">DevOps tools</a> and practices and assume they've fully optimized software delivery. Instead, they must continually seek ways to make DevOps more impactful. They should, for example, seek newer automation approaches or better process designs to further speed software delivery.</p> <p>Engineers who make learning and continuous improvement a cultural priority must also be open to tracking the effectiveness of current operations and finding ways to improve. They should view evidence of shortcomings, such as missed software release targets, as opportunities to improve rather than shameful failures.</p> </section> <section class="section main-article-chapter" data-menu-title="Leadership's role in enabling DevOps culture"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Leadership's role in enabling DevOps culture</h2> <p>To be effective, DevOps culture must permeate the organization, not just be a value for leaders. But leaders play an important role in enabling DevOps culture.</p> <p>They should start by modeling core DevOps cultural values, such as collaboration, accountability, shared responsibility and continuous improvement. When engineers see business leaders embracing these priorities, they're more likely to do the same.</p> <p>Another important step for business leaders is to align incentives and <a href="https://www.techtarget.com/searchitoperations/tip/Nine-DevOps-metrics-you-should-use-to-gauge-improvement">KPIs with DevOps cultural values</a>. For example, to encourage a culture that values continuous improvement, executives should reward DevOps teams not just for how often they achieve target software release velocity metrics, but also for the rate at which they improve those metrics over time.</p> <p>Finally, business leaders can encourage DevOps cultural values by allowing teams the autonomy they need to operate effectively, while also setting clear boundaries. In general, it's a best practice to define what each team is -- and isn't -- expected to do within the context of DevOps and <a href="https://www.techtarget.com/searchsoftwarequality/news/366631712/Google-DORA-Software-delivery-caught-up-to-AI-coding-tools">software delivery</a>, while granting teams the freedom to decide for themselves how they'll fulfill their mission.</p> <p>This is important because it sets clear expectations surrounding what teams need to do and how those expectations align with DevOps goals and cultural values. But at the same time, it gives engineers the room they need to put DevOps culture into practice on their own terms without feeling like it is being foisted upon them by leadership.</p> </section> <section class="section main-article-chapter" data-menu-title="How to build a DevOps culture in practice"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to build a DevOps culture in practice</h2> <p>The exact process for putting DevOps culture into practice will, of course, vary from one organization to the next. But in general, the following are key practices that can help make DevOps cultural values an everyday part of the way organizations operate:</p> <ul type="disc" class="default-list"> <li><b>Eliminate organizational silos.</b> Collaboration doesn't work well when different types of stakeholders, such as developers and IT ops engineers, struggle to identify or communicate with one another. It's critical to remove the organizational or bureaucratic barriers that hamper cross-functional interaction.</li> <li><b>Evolve the organizational structure.</b> Structural changes, such as the hiring of cross-functional roles spanning both software development and IT ops, might be needed in some cases to build an organizational foundation that can embrace DevOps culture.</li> <li><b>Integrate DevOps culture into hiring.</b> Hiring processes should be designed to assess how candidates view DevOps cultural values. This can be done in a concrete way by, for example, requiring finalists for developer jobs to collaborate on coding <a target="_blank" href="https://www.dice.com/hiring/recruitment/10-essential-coding-tests-for-interviews" rel="noopener">tests</a> with other engineers at the company, rather than the more typical practice of assigning coding work for applicants to complete on their own.</li> <li><b>Adopt blameless principles.</b> DevOps culture becomes easier to put into practice when an organization adopts blameless principles: treating mistakes not as failures on the part of individuals but as failures of the organization as a whole and finding ways to improve processes in response.</li> <li><b>Provide learning opportunities.</b> Leadership can help foster a DevOps culture of continuous learning by providing engineers with access to <a href="https://www.techtarget.com/whatis/feature/9-best-free-DevOps-certifications-and-training-courses">training and certification opportunities</a>. Allowing protected time for engineers to focus on learning -- rather than completing assigned tasks -- also helps.</li> <li><b>Communicate clearly about automation. </b>To mitigate the risk that engineers will be wary of automation, business leaders should clearly define the roles they expect engineers to fill in highly automated environments. This sends the message that automation will depend on humans rather than replace them.</li> <li><b>Seek feedback.</b> In a healthy DevOps culture, it should be easy for anyone at any level of the organizational hierarchy to share ideas for improving DevOps culture or practices. This is another important step toward building an organic DevOps culture rather than one imposed from the top down.</li> <li><b>Measure DevOps cultural effectiveness.</b> Continuously measuring the effects of DevOps culture on the business is important for finding ways to improve on an ongoing basis.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Measuring DevOps culture and maturity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Measuring DevOps culture and maturity</h2> <p>It's common for businesses to <a href="https://www.techtarget.com/searchitoperations/tip/How-to-effectively-use-DORA-metrics-in-DevOps">track a variety of DevOps metrics</a>, such as software deployment frequency, change lead time and failure rate. These are, at their core, technical metrics.</p> <p>However, these metrics reflect not just the technical effectiveness of DevOps tools and practices but also of DevOps culture. A slow deployment frequency, for example, could result from collaboration failures rather than tooling problems.</p> <p>Hence, the importance of distinguishing cultural signals from tooling outputs as a way of measuring the health and maturity of DevOps culture. To do this, organizations must invest in qualitative analysis of DevOps metrics. When quantitative data on DevOps processes yield anomalies, business and engineering leaders should <a href="https://www.techtarget.com/searchbusinessanalytics/feature/15-common-data-science-techniques-to-know-and-use">dig into the data</a> to determine the role culture plays and whether cultural changes can help mitigate undesired outcomes.</p> <p>For instance, if deployment frequency is slow due to poor collaboration, leaders should assess whether bureaucratic hurdles are hindering smooth collaboration and, if so, break down those silos. This is an example of an actionable change that can streamline the implementation of DevOps culture and, in turn, improve measurable DevOps outcomes.</p> </section> <section class="section main-article-chapter" data-menu-title="Conclusion: A meaningful approach to DevOps culture"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion: A meaningful approach to DevOps culture</h2> <p>It's easy to talk about DevOps cultural values or claim that an organization has a DevOps culture. It can be much harder to implement and scale a DevOps culture in practice.</p> <p>But it can be done through intentional leadership that adopts actionable practices -- such as those described above -- for modeling DevOps values and encouraging their organic adoption across the organization. When this happens, businesses benefit from a cultural foundation that maximizes speed, reliability and scale through all stages of the software delivery process.</p> <p><i>Chris Tozzi is a freelance writer, research adviser, and professor of IT and society. He has previously worked as a journalist and Linux systems administrator.</i></p> </section> An effective DevOps culture blends collaboration, shared accountability, automation and continuous learning, with leadership aligning incentives to drive better delivery outcomes. https://cdn.ttgtmedia.com/visuals/searchITChannel/manage_sales_business/itchannel_article_002.jpg https://www.techtarget.com/searchitoperations/tip/Target-tangible-IT-goals-during-a-DevOps-culture-shift Mon, 16 Mar 2026 00:00:00 GMT <p>When ransomware hits an enterprise's modern data stack, attackers are increasingly targeting the brain -- the control planes, catalogs and pipelines -- to disable the analytics and AI infrastructure.</p> <p>Many data teams run analytics and AI on SaaS-hosted data lakehouses. While convenient, it can hide a resilience gap. Many organizations assume their provider handles data protection, but in the <a href="https://www.techtarget.com/searchdatabackup/tip/SaaS-shared-responsibility-model-What-vendors-dont-cover">SaaS shared responsibility model,</a> service uptime and infrastructure security sit with the provider, while data protection, backup and recovery rest with the customer. Failing to understand those roles can turn a ransomware incident into a significant outage for analytics and AI systems.</p> <p>To withstand incidents and audits, a data lakehouse ransomware recovery approach uses clean-room recovery architecture, metadata-aware backups and pipeline-level versioning with rollback capabilities.</p> <h3>Architect for clean-room recovery</h3> <p>Restoring an AI or analytics environment is not the same as restoring a file server. Pipelines, model versions, feature stores and catalogs that make those systems work are tightly interdependent.</p> <p>Reconnecting a compromised pipeline or a corrupted model back into production does not constitute a full recovery, as there is still a risk of reinfection.</p> <p>The safest path in a data lakehouse ransomware recovery plan is to validate restores without connecting to the compromised environment.</p> <p>That's the role of a clean-room recovery environment, also called an isolated recovery environment (IRE). The IRE is a purpose-built space with its own identity and network services, such as Active Directory, DNS and DHCP, where teams restore systems and confirm they're functioning correctly before reconnecting to production.</p> <p>The two common approaches to building a clean room differ in cost, speed and staffing:</p> <ul class="default-list"> <li><b>Air-gapped.</b> In this scenario, the environment is physically disconnected from external networks, providing the strongest isolation but requiring dedicated hardware and staffing. The recovery time objectives (RTOs) can take days.</li> <li><b>Logically isolated.</b> In this arrangement, network segmentation and strict access controls create separation. This approach is faster and less expensive to operate, but its effectiveness depends on the thoroughness of those controls.</li> </ul> <p>The isolated environment is <a href="https://www.techtarget.com/searchdatabackup/feature/9-data-backup-trends-to-watch">only as trustworthy as what is stored inside it</a>. Backups should be immutable -- for example, using WORM object-storage controls -- so an attacker cannot corrupt or delete the restore points.</p> <p>Recovery plans still require regular testing. Teams must restore the full stack, validate that pipelines execute correctly against restored data, confirm models produce expected outputs and document timing at each step before reconnecting to production.</p> <h3>Rebuilding the brain of the data lakehouse</h3> <p>Most ransomware defenses focus on the storage layer to protect the data files. This approach misses the metadata layer that AI and analytics systems use to interpret that data.</p> <p>A data lakehouse typically <a href="https://www.techtarget.com/searchdatamanagement/feature/15-big-data-tools-and-technologies-to-know-about">stores data in open formats</a>, for example Apache Parquet, on low-cost object storage, including Amazon S3 or Azure Data Lake Storage. The AI and analytics engines cannot properly query the data without the table-format metadata that tracks files, schema and versions.</p> <p>Three popular open table formats -- Delta Lake, Apache Iceberg and Apache Hudi -- rely on transaction logs and snapshots as the authoritative record of the table state. If an attacker encrypts or corrupts these metadata artifacts, then the AI and analytics ecosystem loses the map to the data.</p> <p>Copying the data files alone is not enough. Standard backup tools designed for object storage treat data as isolated files and fail to preserve the metadata required to restore a table. Without backups for proper metadata recovery, organizations will have to reconstruct the entire table structure manually.</p> <p>A post-failover runbook should:</p> <ul class="default-list"> <li>Isolate the compromised control plane;</li> <li>Fail over to cross-region replicated catalog and transaction logs;</li> <li>Restore catalogs and transaction logs from immutable, versioned backups; and</li> <li>Reconcile metadata with data files <a href="https://www.techtarget.com/searchdatamanagement/feature/15-big-data-tools-and-technologies-to-know-about">using time-travel features</a> and validate consistency before resuming workloads.</li> </ul> <h3>Ensuring end-to-end AI pipeline resilience</h3> <p>For an AI governance analyst, ransomware resilience is as much a provenance and integrity problem as it is a backup one.</p> <p>Can you prove data lineage, detect tampering with components and rollback the entire setup to a known-good state? That requires versioning at <a href="https://www.techtarget.com/searchdatamanagement/definition/data-management">every layer in the data pipeline</a>: training data, feature store snapshots, model weights, pipeline definitions, model registry entries with lineage and vector-index snapshots.</p> <p>Provenance requires lineage from source through training to model output. Tamper checks rely on validating cryptographic hashes at each stage of the pipeline. Together, these controls give a governance analyst the evidence to confirm the quality of a restored model.<br><br>How quickly the analytics and AI systems can recover from a ransomware incident depends on the <a href="https://www.techtarget.com/searchitoperations/answer/When-to-use-canary-vs-blue-green-vs-rolling-deployment">chosen deployment model</a>. There are two dominant approaches for the enterprise:</p> <p><iframe title="Deployment strategy comparison" aria-label="Table" id="datawrapper-chart-Jishr" src="https://datawrapper.dwcdn.net/Jishr/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="330" data-external="1"></iframe></p> <p> <script type="text/javascript">window.addEventListener("message",function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data["datawrapper-height"][t]+"px";r.style.height=d}}});</script> </p> <p>Three frameworks offer a layered approach for security and AI teams to make provenance, tamper detection and supply chain risk systematic rather than reactive:</p> <ul class="default-list"> <li><b>NIST AI RMF (AI Risk Management Framework).</b> At the business level, it uses four core functions -- governance, mapping, measurement and management -- to assess risk across third-party software, data and supply chains.</li> <li><b>Gartner AI TRiSM (Trust, Risk and Security Management).</b> A structure to identify software needed <a href="https://www.techtarget.com/searchenterpriseai/feature/AI-regulation-What-businesses-need-to-know">to govern AI systems</a> across trust, risk and security dimensions.</li> <li><b>MITRE ATLAS (Adversarial Threat Landscape for AI Systems).</b> Teams use a knowledge <a target="_blank" href="https://atlas.mitre.org/" rel="noopener">base</a> of tactics and techniques that target AI systems, including poisoning and backdoors.</li> </ul> <p>For data and security leaders, ransomware resilience for AI and analytics is an architecture decision that needs to be made<a href="https://www.techtarget.com/searchsecurity/tip/How-to-conduct-incident-response-tabletop-exercises"> well in advance of an incident</a>. NIST, MITRE and Gartner developed these frameworks because AI pipelines expose the risks that standard disaster recovery planning does not address. Without this structured data lakehouse ransomware recovery approach, provenance tracking and tamper detection remain best-effort controls that are the first things dropped when response teams are under pressure.</p> <p><i>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</i></p> Attackers target the metadata your data intelligence platform needs to function. Understand where your AI risks are and what it takes to restore service after an incident. https://cdn.ttgtmedia.com/visuals/digdeeper/2.jpg https://www.techtarget.com/searchdisasterrecovery/tip/Data-lakehouse-ransomware-recovery-strategies-for-AI Sat, 14 Mar 2026 12:14:00 GMT <p><span style="font-weight: 400">Xscape Photonics develops custom photonic platform products designed for ultra-high bandwidth connections inside datacentres to power AI systems.&nbsp;</span></p> <p><span style="font-weight: 400">The company’s proprietary ChromX platform targets scaling of AI computing performance in what the company promises is an environmentally sustainable manner.</span></p> <p><span style="font-weight: 400">The technology is optimised for power, cost, scale and reliability. Essentially, the organisation is a semiconductor startup developing photonic solutions for next-generation AI datacentre fabrics.</span></p> <p><span style="font-weight: 400">Now driving to create greater momentum for this sector of the photonics market, the company has now being backed by Addition, a new investor, while Xscape also has with continued support from existing investors, including capitalisation-focused GPU company Nvidia, among others.</span></p> <section class="section main-article-chapter" data-menu-title="Arise FalconX"> <h2 class="section-title"><i class="icon" data-icon="1"></i><span style="font-weight: 400">Arise FalconX</span></h2> <p><span style="font-weight: 400">Xscape Photonics also announced the launch of FalconX: a fully redundant External Laser Small Form-factor Pluggable (ELSFP) device capable of emitting up to eight wavelengths or colours of light for ultra-fast, high-capacity and low-power optical data transmission.</span></p> <p><span style="font-weight: 400">An External Laser Small Form-factor Pluggable device is a compact optical transceiver module that houses a laser source externally (rather than internally within the module itself), which enables higher power, improved thermal management and longer-reach optical communications.</span></p> <blockquote> <p><span style="font-weight: 400">“Rapidly increasing bandwidth, power and cost demands of AI workloads have created a critical hardware bottleneck, forcing developers to use just a fraction of their GPUs’ capacity, thereby limiting the revolutionary potential of AI itself,” said </span><a href="https://www.linkedin.com/in/vivekraghunathan/"><span style="font-weight: 400">Vivek Raghunathan</span></a><span style="font-weight: 400">, Xscape Photonics’ CEO and co-founder. “Xscape Photonics is accelerating the development of its multi-colour wavelength-division multiplexing (WDM) fabric solutions to escape these hardware limits and fundamentally reimagine how data moves through datacentre networks.”</span></p> </blockquote> <p><span style="font-weight: 400">Raghunathan further states that FalconX is the industry’s first Comb laser module in a pluggable form factor capable of generating eight wavelengths of light, powering high-speed data movement to allow the entire datacentre to function as one giant GPU.</span></p> </section> <section class="section main-article-chapter" data-menu-title="Laser terms defined"> <h2 class="section-title"><i class="icon" data-icon="1"></i><span style="font-weight: 400">Laser terms defined</span></h2> <p><span style="font-weight: 400">By way of additional definitions, multi-colour wavelength-division multiplexing involves using multiple light wavelengths simultaneously to transmit parallel data streams. Further, a Comb laser module can be explained as a single laser generating multiple evenly spaced frequency channels simultaneously.</span></p> <p><span style="font-weight: 400">Xscape Photonics was founded in 2022 by Raghunathan and four photonics scientists from Columbia University: Alexander Gaeta (president), Yoshi Okawachi (vice president of R&amp;D), Keren Bergman (board of advisors member) and Michal Lipson (board of advisors member).&nbsp;</span></p> <p><span style="font-weight: 400">The company says that, currently, AI inference performance is constrained by conventional datacentre networks that rely on outdated copper interconnects, significantly limiting the amount of data that can escape from each accelerator to neighbouring accelerators or memory within AI clusters.&nbsp;</span></p> <p><span style="font-weight: 400">FalconX helps solve this “escape bandwidth” bottleneck by employing Xscape Photonics’ proprietary CombX laser technology, which generates multiple wavelengths of light on a single silicon photonics chip and enables the integration of high-performance, multi-colour optical interconnects into AI datacentre networks.</span></p> </section> <section class="section main-article-chapter" data-menu-title="Multi-terabits-per-second"> <h2 class="section-title"><i class="icon" data-icon="1"></i><span style="font-weight: 400">Multi-terabits-per-second&nbsp;</span></h2> <p><span style="font-weight: 400">With more than 1W of optical power from a single pluggable laser module, FalconX generates eight colours that can power multi-terabits-per-second of data bandwidth. AI clusters have grown more than tenfold in size over the last two years and the failure of a single laser module can significantly impact the network, stalling the workload and increasing the token cost. Hyperscalers demand 10 times fewer failures compared to the incumbent laser level due to the growth of AI clusters. FalconX offers built-in redundancy and more reliable components to meet growing cluster demands.</span></p> <p><span style="font-weight: 400">FalconX is designed to comply with industry MSA standards for Scale-Up and Scale-Out fabric links and can be qualified in existing hyperscaler infrastructure.</span></p> <p><img loading="lazy" decoding="async" class="wp-align alignnone wp-image-11648" src="https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/Screen-Shot-2026-03-14-at-07.38.09.553-AM.png" alt="" width="580" height="368" srcset="https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/Screen-Shot-2026-03-14-at-07.38.09.553-AM.png 1028w, https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/Screen-Shot-2026-03-14-at-07.38.09.553-AM-300x190.png 300w, https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/Screen-Shot-2026-03-14-at-07.38.09.553-AM-1024x649.png 1024w, https://itknowledgeexchange.techtarget.com/cwdn/files/2026/03/Screen-Shot-2026-03-14-at-07.38.09.553-AM-768x487.png 768w" sizes="(max-width: 580px) 100vw, 580px"></p> </section> Xscape Photonics develops custom photonic platform products designed for ultra-high bandwidth connections inside datacentres to power AI systems.  The company's proprietary ChromX platform targets ... https://www.computerweekly.com/blog/CW-Developer-Network/Photonics-Xscape-Building-the-eight-wavelength-laser-for-AI-data Sat, 14 Mar 2026 03:39:32 GMT <p>The enterprise network is the nervous system of the digital enterprise, and too many enterprises are finding that their nervous systems are becoming too expensive to operate. High costs related to infrastructure licensing and maintenance, exploding IoT and AI application data have caused network budgets to grow faster than overall IT spending.</p> <p>This is a problem for the network, a user-invisible service that underlies all the other ones. Organizations have a strong incentive to <a href="https://www.techtarget.com/searchitoperations/tip/Optimize-your-IT-budget">keep costs from rising</a> too quickly.</p> <section class="section main-article-chapter" data-menu-title="Cost drivers in enterprise networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cost drivers in enterprise networking</h2> <p>IT teams inadvertently drive network costs by improperly rightsizing, increasing technical debt and focusing on manual work rather than automating.</p> <h3>Rightsizing</h3> <p>Rightsizing connectivity applies throughout the network, from the server or desktop edge to the WAN and cloud networks. Many enterprise network teams build networks with equipment intended to last multiple years. This attempt at futureproofing hinders network development and increases costs, however.</p> <p>When organizations buy equipment they think they'll use for multiple years, they end up overprovisioning the network and spending more on infrastructure that soon becomes outdated. Not only does this limit <a href="https://www.techtarget.com/searchnetworking/tip/How-to-plan-and-start-a-network-upgrade">network upgrades</a>, but it also causes organizations to pay too much to buy more than they need.</p> <h3>Technical debt</h3> <p>The problem of technical debt in the network manifests itself in both deferred work and extended lifespans:</p> <ul class="default-list"> <li><b>Deferred work.</b> Backlogs of OS and firmware updates, postponed configuration maintenance, incomplete equipment inventories and other operational issues. This often leads to more downtime, longer restoration times and increased cybersecurity risks.&nbsp;</li> <li><b>Extending lifespans.</b> Operating hardware past its end of support increases costs for the vendor and secondary-market support. It also increases costs due to outages as older systems become more prone to failure. Older hardware is also generally less power-efficient, costing more to keep.</li> </ul> <h3>Manual work</h3> <p>The continued reliance on manual network management drives excess costs. Manual management is both <a target="_blank" href="https://medium.com/@inspira.ai/the-hidden-costs-of-manual-workflows-and-how-automation-fixes-them-4af8587e2945" rel="noopener">slower and more error-prone</a> than automatic processes. As network salaries continue to rise, downtime costs increase. At the same time, the costs of automation tools are decreasing. In a time when it becomes harder to hire experienced network professionals, organizations should feel incentivized to consider fully automating network management to offset the skills gap and lower costs.</p> </section> <section class="section main-article-chapter" data-menu-title="Reduce networking costs without degradation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Reduce networking costs without degradation</h2> <p>Enterprise network leaders need to attack excess costs on all fronts.</p> <h3>Proper rightsizing</h3> <p>When network teams design or upgrade their networks, they should intentionally create or retain excess capacity solely to enhance network resilience. To <a href="https://www.techtarget.com/searchnetworking/tip/3-tips-for-proper-network-provisioning-and-capacity-planning">address overprovisioning</a>, leadership must encourage network engineers to forgo old rules of thumb. For example, it's better to make design decisions based on network traffic data rather than outdated guidelines, such as ensuring link capacity exceeds the highest estimated load by 40%.</p> <p>This can lead to significantly lower edge and spine connectivity costs within a campus or data center network. Coupled with the use of scalable connectivity strategies on an SD-WAN and flexible cloud-exchange-based connections to cloud providers instead of inflexible direct connects, it can lead to significant reductions in WANs as well.</p> <h3>Reduce technical debt</h3> <p>Teams can focus on replacing the oldest tiers of equipment: First, out-of-service items and then items near that status. It's important to <a href="https://www.techtarget.com/searchnetworking/tip/A-guide-to-network-lifecycle-management">implement strong lifecycle management</a>, based on accurate inventory and configuration management, from the moment new gear rolls in.</p> <p>New network discovery and management tools can sometimes pay for themselves in this way, leaving aside savings on downtime and reduced cyber risk. Eliminating the oldest and least reliable equipment will drive short-term Capex increases but should reduce ongoing Opex enough to outweigh them.</p> <h3>Automation in cost reduction</h3> <p>Network teams should select and standardize on a limited set of automation tools and approaches and apply them to every aspect of operations. The key to savings is automating the remaining manual operations that are most time-consuming. This is true whether rolling an in-house tool, working with a third-party option, <a href="https://www.techtarget.com/searchapparchitecture/tip/A-brief-breakdown-of-declarative-vs-imperative-programming">using a declarative or imperative style</a> or fully embracing an infrastructure-as-code discipline.</p> <p>That doesn't always mean automating the single biggest time sink, however, because it's important to recognize the complexity of the task teams want to automate. Addressing a few simple problems in one week could free up as much staff time as it would take to fix one complex problem that requires a full month.</p> <p>Teams can boost their chances of automation success with the following:</p> <ul class="default-list"> <li>Deploy consolidated and virtualized branch stacks.</li> <li>Use white box switches running centralized SDN software.</li> <li>Adopt carrier and cloud services with APIs that enable programmatic access to features, such as route management and dynamic bandwidth increases and decreases.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Visibility and monitoring lower costs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Visibility and monitoring lower costs</h2> <p>Network teams can't manage what they can't see. To know where to focus cost-reduction efforts, the network team needs as much <a href="https://www.techtarget.com/searchnetworking/feature/Ways-to-improve-the-network-monitoring-experience">visibility into the network and its operations</a> as possible, including infrastructure, services and staff time.</p> <p>Modern management tools include traditional network management suites, SD-WAN platforms and cloud cost analysis tools.</p> <p>Teams can use these tools to see the following:</p> <ul class="default-list"> <li>Capacity exceeding demand.</li> <li>Networking services fee changes that affect the budget.</li> <li>Staff troubleshooting and management time exceeding the average.</li> <li>Low performance and reliability areas.</li> <li>Systems past end of support or end of life.</li> </ul> <p>Teams can also make data-driven projections of growth and traffic changes, as well as predict service impairments from potential equipment failures.</p> </section> <section class="section main-article-chapter" data-menu-title="Cost control in a modern network"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cost control in a modern network</h2> <p>The amount of money and time spent keeping the network up can be better spent toward improving the network. Rightsizing, adopting widespread automation and drastically reducing technical debt can result in lower operational costs and lower barriers to scaling and introducing new IT services.</p> <p>Getting there requires organizations to make focused, short-term investments in new generations of tools, services and equipment to garner ongoing, long-term savings and service improvements. It also means investing in the professionals who run the network, helping them <a href="https://www.techtarget.com/searchnetworking/tip/A-guide-on-how-to-learn-network-automation">gain and polish skills needed for automation</a> and continually adjust the network to meet evolving needs.</p> <p><em>John Burke is CTO and a research analyst at Nemertes Research. Burke joined Nemertes in 2005 with nearly two decades of technology experience. He has worked at all levels of IT, including as an end-user support specialist, programmer, system administrator</em></p> </section> Enterprises face rising network costs due to improper rightsizing, technical debt and manual management. Smart strategies can reduce expenses without sacrificing performance. https://cdn.ttgtmedia.com/rms/onlineimages/money_g1021600178.jpg https://www.techtarget.com/searchnetworking/tip/How-to-reduce-networking-costs-without-performance-loss Fri, 13 Mar 2026 16:15:00 GMT <p>Enterprises continue to waste money due to mismanaged cloud infrastructure. &nbsp;The automated nature of cloud tooling makes it easier to scale inefficient or unused infrastructure more quickly.</p> <p>Flexera's <a href="https://info.flexera.com/CM-REPORT-State-of-the-Cloud">2025 State of the Cloud</a> report found that 27% of cloud spend continues to be wasted despite optimization efforts.</p> <p>By adopting FinOps practices, enterprises can overcome the challenges associated with inefficient cloud spend. It adds an operational and cross-enterprise collaboration element to cloud cost management tooling.</p> <p>A primary driver for FinOps is developing enterprise workflows to align cloud spending with usage, thereby saving money. It can also help streamline processes and help set expectations for savings and other positive changes.</p> <p>Titus M, practice director at Everest, an advisory firm, observed that organizations that reach mature FinOps maturity consistently realize cost reductions of 20-60%, improve cost predictability and forecasting, accelerate decision-making through embedded cost awareness, and achieve operational excellence through automation and visibility. This provides a strategic advantage through <a href="https://www.techtarget.com/searchcloudcomputing/tip/Rein-in-services-to-avoid-wasted-cloud-spend">accurate service pricing</a> and ROI calculations, enabling agile resource deployment and a faster market response.</p> <p>Titus M said, "We have seen enterprises reach a reasonable amount of maturity within 12-18 months. Now we are reaching a stage in the market where cost predictability and cultural transformation are becoming mainstream."</p> <p>Here are some use cases where enterprises are starting to see the <a href="https://www.techtarget.com/searchcloudcomputing/tip/Apply-these-FinOps-best-practices-to-optimize-cloud-costs">value of FinOps practices</a>.</p> <section class="section main-article-chapter" data-menu-title="1. Tagging governance to drive savings &amp; availability"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Tagging governance to drive savings &amp; availability</h2> <p>Ouribank, a fintech leader in financial services in Brazil, worked with Everest to focus its FinOps strategy. When they started, cost visibility remained fragmented across development, operations and finance teams. Rather than pursuing immediate cost cuts, they followed the FinOps Foundation's framework for a phased roadmap, which was stewarded by a dedicated FinOps specialist.</p> <p>They prioritized low-operational quick wins in numerous ways, including:</p> <ul class="default-list"> <li>Shutting down idle resources.</li> <li>Automating development and test environment shutdowns during off-hours.</li> <li>Migrating AWS ECS Fargate workloads from on-demand to spot pricing.</li> <li>Reducing over-provisioned resources.</li> <li>Implementing Amazon S3 lifecycle policies</li> <li>Upgrading Amazon EBS volumes to gp3 with optimized IOPS allocation.</li> </ul> <p>The second phase focused on <a href="https://www.techtarget.com/searchcloudcomputing/opinion/FinOps-evolution-evident-in-2025-AWS-compute-usage-study">structured Savings Plans and Reserved Instances</a> purchases for medium-term resource needs. In the first year, they</p> <ul class="default-list"> <li>Reduced cloud costs by 60%.</li> <li>Increased availability and processing capacity by 18%.</li> <li>Scaled cost tagging from 0% to 94%.</li> </ul> <p>"Tagging governance serves as the foundation for chargeback maturity, enabling precise cost attribution at granular levels," said Titus M. This phased crawl, walk and run approach typically requires 12-18 months from initial visibility to mature chargeback operations.</p> </section> <section class="section main-article-chapter" data-menu-title="2. Centralized FinOps for infrastructure optimization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Centralized FinOps for infrastructure optimization</h2> <p>Aykut Duman, a partner in Kearney's Digital &amp; Analytics practice, worked with one leading US telco to guide its FinOps journey. This process involved a cross-disciplinary focus on cost analysis, allocation and optimization across multiple cloud environments. The groundwork helped the telco link visibility and context across billing, workloads and consumption data.</p> <p>The multidisciplinary aspect involved working with finance, IT and procurement teams. It has also improved the ability to allocate cloud costs to specific workloads and business owners. Multiple people can collaborate to identify and pursue rightsizing opportunities by taking advantage of reservations and savings plans. Duman said they are realizing savings of 5-10% and have achieved about 1% variance in budget accuracy.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Turning cost into an engineering signal"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Turning cost into an engineering signal</h2> <p>Philipp Jung, a senior partner in Kearney's Digital &amp; Analytics practice, worked with a leading digital media company on a project to improve developer cost visibility to drive behavior change. The first step was to find ways to embed cost data directly into engineering workflows and to incentivize their use.</p> <p>"The aim wasn't only to cut spending but to make cost a first-class engineering signal like latency or reliability," said Jung.</p> <p>The company reported saving millions within the first few months of making costs visible and actionable. A key insight was finding ways to surface cost data directly into the engineering team's existing tools. This allowed developers to see and prioritize cost optimizations associated with products without leaving their tools.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Improving governance across the enterprise"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Improving governance across the enterprise</h2> <p>Will Thomas, managing director and cloud optimization lead at Protiviti, recently conducted a proof-of-value engagement with a client that had adopted a FinOps tool. Nearly immediately, they improved visibility into waste across the entire enterprise, extending beyond their cloud footprint.</p> <p>"By implementing better tagging practices, we can assign unused services to the business while establishing and enforcing policies across all resources for accurate chargebacks and reporting," said Thomas.</p> <p>He has found that improving processes to identify waste, such as orphaned resources, rightsizing and reservations, typically uncovers 10-30% overspend, thereby offering quick cost-reduction opportunities.</p> </section> <section class="section main-article-chapter" data-menu-title="5. Better ways of working"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Better ways of working</h2> <p>Thomas noted that a secondary use case that continues to emerge in more mature FinOps deployments is the discovery of more efficient workflows.</p> <p>"FinOps thrives when finance, engineering and business units collaborate, whereas treating FinOps as an IT-only or finance-only project limits impact," said Thomas</p> <p>This requires setting clear goals and accountability, along with defining KPIs like spending reduction targets and unit cost metrics. It's also important to assign decision rights to mid-level managers to accelerate outcomes.</p> <p>"Organizations are able to operate more efficiently, observe daily run rates and provide executives with a clear understanding of the unit economics of their cloud spend," Thomas said.</p> <p><em>George Lawton is a journalist based in London. Over the last 30 years, he has written more than 3,000 stories about computers, communications, knowledge management, business, health and other areas that interest him.</em></p> </section> FinOps transforms cloud cost management by aligning spending with usage, cutting waste and boosting efficiency. Learn how companies save up to 60% and drive innovation. https://cdn.ttgtmedia.com/visuals/LeMagIT/hero_article/Money_Dollar_hero.jpg https://www.techtarget.com/searchcloudcomputing/tip/5-real-world-FinOps-use-cases-to-maximize-ROI Fri, 13 Mar 2026 16:09:00 GMT <p>Geopolitical cyber-risk is of growing relevance for enterprise CISOs, with escalating conflict in the Middle East posing an immediate threat to many U.S. organizations.</p> <p>Risk experts from Fitch Ratings and Moody Ratings warned this week that the <a target="_blank" href="https://www.cybersecuritydive.com/news/us-entities-cyber-risk-iran-war/814313/" rel="noopener">risk of retaliatory cyberattacks</a> on U.S. critical infrastructure, local governments and major corporations is rising. Successful attacks by Iranian state-sponsored, hacktivist and lone-wolf cyberthreat actors could disrupt essential services and shake financial markets, they added.</p> <p>Cyber-risk analytics firm CyberCube <a target="_blank" href="https://insights.cybcube.com/en/how-cyber-reinsurers-should-react-iran-war" rel="noopener">identified</a> 119 U.S. companies at high risk of being targeted -- 12% of large firms across the banking, financial, energy and utilities, oil and gas, healthcare, telecommunications and public sectors. The analysis was based on the following factors:</p> <ul class="default-list"> <li>Deployment of three or more technologies, such as connected industrial devices, that Iran-affiliated threat actors frequently target.</li> <li>Observable security weaknesses, such as weak passwords and poorly secured networks, that correspond to Iran's established pre-breach and post-breach activities.</li> </ul> <p>Enterprise CISOs should pay attention to the convergence of geopolitical instability and advanced cyberthreats and monitor its implications for enterprise risk and <a href="https://www.techtarget.com/whatis/definition/cyber-resilience">cyber resilience</a>.</p> <p>This week's featured stories highlight developments in the Middle Eastern conflict that cybersecurity leaders need to know about.</p> <section class="section main-article-chapter" data-menu-title="'New blueprint' for modern conflict: Iran integrates cyber intrusions and physical warfare"> <h2 class="section-title"><i class="icon" data-icon="1"></i>'New blueprint' for modern conflict: Iran integrates cyber intrusions and physical warfare</h2> <p>Iran is combining cyber intrusions with kinetic operations into a unified military doctrine. According to Check Point Research, Iranian threat actors are exploiting vulnerabilities in IP cameras and using the compromised devices to plan, support and assess missile strikes.</p> <p>These activities, targeting regions like Israel, Qatar and the UAE, align with Iran's broader retaliation strategy, which includes <a href="https://www.techtarget.com/searchsecurity/tip/Top-10-ICS-cybersecurity-threats-and-challenges">industrial control system intrusions</a>, logistics sabotage and DDoS attacks.</p> <p>Experts warn Iran's integrated approach -- using low-cost cyber operations to amplify physical attacks -- represents a new blueprint for modern conflict.</p> <p><a target="_blank" href="https://www.darkreading.com/threat-intelligence/iran-cyber-kinetic-war-doctrine" rel="noopener"><i>Read the full article by Alex Culafi on Dark Reading</i></a><i>. </i></p> </section> <section class="section main-article-chapter" data-menu-title="Medtech firm investigates cyber intrusion disrupting global operations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Medtech firm investigates cyber intrusion disrupting global operations</h2> <p>Stryker, a major medtech firm, is addressing a cyber intrusion that caused widespread outages across its Microsoft-based systems. The company activated its <a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">cybersecurity response plan</a> and engaged external advisors to assess the impact, which remains unclear.</p> <p>While Stryker does not believe ransomware or malware were involved, an Iran-linked threat actor, Handala, claimed responsibility. The attack reportedly wiped remote devices, including laptops and cellphones, and forced employees to disconnect from networks.</p> <p>Stryker is working to restore systems, including its electronic ordering platform, while ensuring product safety and operational continuity. The incident highlights escalating risks to critical healthcare infrastructure.</p> <p><a target="_blank" href="https://www.cybersecuritydive.com/news/stryker-outage-Iran-cyberattack/814497/" rel="noopener"><i>Read the full article by Ricky Zipp and David Jones on Cybersecurity Dive</i></a><i>.</i></p> </section> <section class="section main-article-chapter" data-menu-title="Middle East conflict reveals cloud infrastructure vulnerabilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Middle East conflict reveals cloud infrastructure vulnerabilities</h2> <p>Recent military strikes in the Middle East have exposed significant weaknesses in cloud resilience. Physical attacks on AWS data centers in the UAE and Bahrain disrupted operations, causing structural damage, power outages and water damage.</p> <p>Experts warn that cloud infrastructure, critical to military and civilian operations, is increasingly a strategic target in modern warfare. Real-time processing and ultra-low-latency workloads in sectors such as finance, healthcare and defense are particularly vulnerable.</p> <p>The incidents underscore the need for organizations to rethink disaster recovery and <a href="https://www.techtarget.com/searchdatamanagement/tip/Successful-data-operations-follow-a-data-governance-roadmap">data governance strategies</a>, as geopolitical risks challenge assumptions about cloud availability and resilience.</p> <p><a target="_blank" href="https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps" rel="noopener"><i>Read the full article by Robert Lemos on Dark Reading</i></a><i>.</i></p> </section> <section class="section main-article-chapter" data-menu-title="Iranian state-linked threat groups target U.S. and Canadian networks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Iranian state-linked threat groups target U.S. and Canadian networks</h2> <p>Seedworm, an advanced persistent threat group tied to Iran's Ministry of Intelligence and Security, targeted U.S. and allied networks in the lead-up to the recent bombing campaign against Iranian assets. Researchers identified backdoors, including the newly discovered Dindoor, on networks of U.S. companies, a Canadian nonprofit and a U.S. airport.</p> <p>Intrusions began in early February, with data exfiltration attempts using Wasabi, a cloud storage service, and RClone, a command-line program that manages files across cloud storage environments. Pro-Iran hacktivists have also claimed attacks on U.S. municipal systems. According to Flashpoint researchers, the financial sector has also been warned of potential DDoS attacks reminiscent of Operation Ababil.</p> <p>These activities underscore heightened <a href="https://www.techtarget.com/searchsecurity/tip/How-to-build-an-effective-third-party-risk-assessment-framework">third-party risk</a> and vulnerability exposure amid the ongoing conflict.</p> <p><a target="_blank" href="https://www.cybersecuritydive.com/news/state-linked-actors-targeted-us-networks-in-lead-up-to-iran-war/814190/" rel="noopener"><i>Read the full article by David Jones on Cybersecurity Dive</i></a><i>. </i></p> <p><b>Editor's note:</b>&nbsp;<i>An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.</i></p> <p><em>Alissa Irei is senior site editor of Informa TechTarget Security.</em></p> </section> Check out the latest security news from the Informa TechTarget team. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a252657224.jpg https://www.techtarget.com/searchsecurity/news/366640393/News-brief-Risk-of-Iran-backed-cyberattacks-rising-in-US Fri, 13 Mar 2026 16:08:00 GMT <p>The rise of generative AI and the resulting data center expansion boom shines a spotlight on electrical grids as a key constraint that could foil the industry's scaling plans.</p> <p>The race among hyperscalers and <a href="https://www.techtarget.com/searchenterpriseai/definition/generative-AI">GenAI</a> model providers to build more capacity is overwhelming the <a href="https://www.techtarget.com/searchdatacenter/tip/How-data-centers-can-help-balance-the-electrical-grid">grids' ability to keep pace</a>. A 2025 whitepaper from the Open Energy Outlook Initiative, a partnership between Carnegie Mellon University and North Carolina State University, <a target="_blank" href="https://www.cmu.edu/work-that-matters/energy-innovation/data-center-growth-could-increase-electricity-bills" rel="noopener">noted</a> that utility planning has historically assumed 1%-2% annual demand growth across decades. Data centers, however, generate regional electrical demand growth rates of 20%-30% annually, the report stated. "This mismatch between conventional planning timelines and demand growth has exposed limitations in capacity planning practices and increased short-run electricity generation costs," the report added.</p> <p>Growing electricity demand is an issue for top-tier AI companies, such as AWS, Google, Meta, Microsoft and OpenAI. But the ripple effects extend beyond the providers of GenAI capabilities. Energy companies also face pressure to handle the grid capacity challenge, as state and local governments <a target="_blank" href="https://www.energy.gov/articles/fact-sheet-trump-administration-outlines-plan-build-big-power-plants-again" rel="noopener">along with the federal sector</a> consider the impact on consumer prices. Enterprise business and technology leaders should consider how increasing energy consumption and costs could affect their ability to grow AI deployments over time.</p> <p>GenAI is increasing the data center's energy intensity, acknowledged Mike Quinn, portfolio strategist and growth lead, energy and industrials at Caylent, an AWS Premier Tier Services Partner. More power-hungry compute resources are being crammed into fewer rooms and run harder and longer than traditional enterprise workloads, he said. "That shift is starting to surface in CIO and CTO conversations not as an abstract sustainability topic, but as a real constraint on where they can build, how fast they can grow, and what it will cost to cool and power the next wave of AI services," he explained.</p> <p><a href="https://www.techtarget.com/searchcio/news/366614592/Growing-AI-energy-use-tech-workloads-constrain-IT">Efforts to work around energy constraints</a> are under development. They include on-site generation and microgrids to power individual data centers. Those approaches might rely on a mix of sources, from nuclear power to natural gas turbines.</p> <p>Paradoxically, GenAI could offer another avenue to address the power demand surge, by helping companies more effectively orchestrate AI workloads and reduce strain on power grids. As for timeframes, planning for on-site generation and microgrids is already underway. Data centers are using AI tools for energy management, but more sophisticated deployments are expected to phase in over the next four to five years.</p> <section class="section main-article-chapter" data-menu-title="Power demand shifts and accelerates"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Power demand shifts and accelerates</h2> <p>In the early days of GenAI, power demands tilted toward the compute-intensive task of training models. Energy consumption now stems from other sources.</p> <p>"It used to be these large language models … took a lot of training and that training was highly energy consumptive," said Autumn Stanish, director analyst at Gartner. "That has now largely shifted to inferencing."</p> <p>With inferencing, a GenAI model draws upon its training phase to interpret new data when users submit queries. This action generates output, such as text, images and code. <a href="https://www.techtarget.com/searchenterpriseai/feature/How-GenAI-deployments-are-redefining-everyday-work-routines">Inferencing puts a strain</a> not only on compute, but also on networking, memory and cooling systems. "It's not just the servers with the GPUs and various accelerators," Stanish noted. Liquid cooling is close to becoming an absolute requirement for high-performance computing, she said, adding that hyperscalers have purchased so much memory capacity that they've <a href="https://www.computerweekly.com/news/366635013/Chip-makers-warn-of-a-looming-shortage-in-DRAM-and-SSD">created a shortage</a>.</p> <p>Dell'Oro Group has also cited the rising demand for infrastructure. The market researcher earlier this month <a target="_blank" href="https://www.delloro.com/news/data-center-physical-infrastructure-market-to-surpass-80-billion-by-2030/" rel="noopener">projected</a> that the worldwide data center physical infrastructure market will exceed $80 billion by 2030, with an annual growth rate in the mid-teens. Within that market, direct liquid cooling is expected to eclipse $8 billion by 2030 as it becomes "a foundational technology for AI factories," Dell'Oro noted.</p> <p>Gartner, meanwhile, <a target="_blank" href="https://www.gartner.com/en/newsroom/press-releases/2026-1-15-gartner-says-worldwide-ai-spending-will-total-2-point-5-trillion-dollars-in-2026" rel="noopener">forecast</a> that infrastructure will drive worldwide AI spending in 2026, which the research firm expects to surpass $2.5 trillion. That's a 44% year-over-year increase, for which AI infrastructure is expected to add $401 billion in spending compared with 2025 levels. Gartner didn't include cooling and power infrastructure cost in its AI forecast, but John-David Lovelock, a vice president analyst at the research and advisory firm, said cooling and power infrastructure needs "are slowing the construction of new data centers and adding significantly to the final cost."</p> <p><iframe title="AI and power consumption" aria-label="Table" id="datawrapper-chart-3RL8S" src="https://datawrapper.dwcdn.net/3RL8S/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="357" data-external="1"></iframe></p> <p> <script type="text/javascript">window.addEventListener("message",function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data["datawrapper-height"][t]+"px";r.style.height=d}}});</script> </p> </section> <section class="section main-article-chapter" data-menu-title="Ways to ease power constraints"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ways to ease power constraints</h2> <p>Dell'Oro pointed to "power scarcity" as a constraint on near-term data center expansion, citing on-site power generation as a workaround for large AI campuses. On-site generation is emerging as a popular "bridge solution" that can power large data centers while they wait to be interconnected into the grid through a substation, said Alex Cordovil, research director at Dell'Oro Group. The process of bringing a site online at gigawatt scale involves "very long timelines," he explained. "We expect [on-site power generation] to be a very important strategy. We're looking at it becoming almost a mandate for new deployment."</p> <p>Cordovil cited Microsoft's Fairwater AI data center in Mount Pleasant, Wis., xAI's Colossus data center in Memphis, Tenn., and Crusoe's Abilene data center in Abilene, Texas, as examples of data center projects that involve on-site power generation. It's not an approach for every data center, however. On-site power generation only becomes cost-effective for large data center campuses around the 100-megawatt threshold and above, Cordovil said. That typically includes hyperscalers and colocation facilities.</p> <p>Data centers are turning to natural gas turbines and reciprocating engines as their primary on-site generation options, Cordovil added. That's an appropriate choice in states like Texas and other regions with abundant natural gas and a well-developed pipeline network. But other generation technologies, such as fuel cells, could gain importance as they become more economical. Fuel cells are more expensive than gas turbines, Cordovil said, but the gap is closing.</p> <p>Gartner <a target="_blank" href="https://www.gartner.com/en/newsroom/press-releases/2024-11-05-gartner-predicts-fortune-500-companies-will-shift-us-dollars-500-billion-from-energy-opex-to-microgrids-through-2027" rel="noopener">views</a> microgrids as an approach large data centers might take to address power constraints. It describes microgrids as independent power networks that run on their own or in conjunction with the main power grid to meet a data center's electricity needs. Most businesses are weighing whether to create a <a href="https://www.techtarget.com/searchdatacenter/news/366625268/Meta-inks-20-year-nuclear-deal-to-power-data-center">microgrid based on nuclear power</a>, geothermal power or some other energy source, which, Gartner's Stanish said, could lead to widespread microgrid deployment in the 2027-2028 timeframe.</p> <p>Social considerations could delay that schedule, however. Data center builders might have to address questions such as whether they have an obligation to <a href="https://www.techtarget.com/searchcio/feature/What-CIOs-need-to-know-about-community-first-AI-infrastructure">invest in the surrounding community's power infrastructure</a> as well as their own private grids, Stanish said.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/data_center_energy_efficiency_activities-f.png 1280w" alt="Graphic showing where GenAI can reduce data center energy demands." height="487" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Embedded in infrastructure management tools, GenAI can be a data center energy savior. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="GenAI to the rescue?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>GenAI to the rescue?</h2> <p>GenAI as an energy manager, as well as a top contributor to power demands, could play a greater role among large data centers.</p> <p>Today, GenAI is already embedded in <a href="https://www.techtarget.com/searchdatacenter/definition/data-center-infrastructure-management-DCIM">data center infrastructure management</a> tools, Stanish noted. GenAI and AI-driven automation in general are moving through a series of maturation steps. AI has been used for years to monitor data center environments, and more sophisticated uses such as recommendations and pop-up alerting are becoming established, Stanish added. These features give data center managers a heads up based on preset triggers and offer power-management guidance.</p> <p>The next step would involve an <a href="https://www.techtarget.com/searchenterpriseai/definition/AI-agents">AI agent</a>, or another automation mechanism, managing energy use autonomously. Stanish said this phase will be important for power-savings measures, such as spatial and temporal shifting -- for example, moving an AI workload to a data center location with a surplus of green energy or scheduling a workload to run at the most energy-efficient time.</p> <p>The top 5% or so of businesses, such as those with experience in technologies like digital twins, will be the first to deploy this style of AI, perhaps by late 2027 or early 2028, Stanish conjectured. Other organizations will follow in the early 2030s.</p> <p>Along those lines, Quinn said Caylent is talking with an energy producer about using AI to "surface where flexible AI workloads can actually support grid stability instead of undermining it."</p> <p>Cordovil also believes &nbsp;<a href="https://www.techtarget.com/searchenterpriseai/feature/The-future-of-generative-AI-Trends-to-follow">AI can play a role in managing energy use</a>. He expects data centers to use AI in maintenance and facilities management. Another plus is AI's ability to provide real-time information for energy decision-making. It could provide insight into when to turn data center chillers on or off, Cordovil said. And AI could help data centers determine when to sell excess capacity to the grid -- on hot days, for instance -- generating revenue through price arbitrage.</p> <p>"We expect these technologies to be used more and more within the data center to make them more efficient," Cordovil added, "and make the overall grid more efficient and more reliable."</p> <p><i>John Moore is a freelance writer who has covered business and technology topics for 40 years. He focuses on enterprise IT strategy, AI adoption, data management and partner ecosystems.</i></p> </section> GenAI's infrastructure requirements drive up power demands for hyperscalers and other large data centers, but GenAI, and AI-based automation, could also help manage consumption. https://cdn.ttgtmedia.com/rms/onlineimages/map_globe_g170100641.jpg https://www.techtarget.com/searchenterpriseai/feature/Is-GenAI-villain-and-hero-in-data-center-power-drama Fri, 13 Mar 2026 15:52:00 GMT <p>For decades, large organisations have run on professional gatekeepers. IT decided which tools were approved, procurement decided what was compliant, legal decided what was safe. Specialist departments decided what “good” looked like.</p> <p>That structure concentrated authority. If you wanted something done, you went through the function that controlled the expertise. They set the standards, defined the metrics and controlled the flow of execution. AI is quietly destabilising that system.</p> <p>In software engineering there is a concept known as “shifting left,” moving responsibility earlier in the process and closer to the people doing the work, rather than keeping it concentrated in specialist teams.</p> <section class="section main-article-chapter" data-menu-title="Power is shifting left"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Power is shifting left</h2> <p>AI is beginning to create the same shift inside organisations. Not by eliminating those functions outright, but by weakening their monopoly over execution. When intelligence is embedded directly into everyday tools, the person closest to the task no longer needs to route work through a central department. They can generate analysis, draft contracts, translate content, test products or build workflows themselves. And when that happens, power shifts.</p> <p>This is not primarily a productivity story. It is a redistribution of authority inside organisations. Professional functions derive influence from scarcity – scarcity of knowledge, access and approved pathways. Over time they formalise that influence through frameworks, standards and performance metrics. These structures are often necessary, but they also create control. If only one team can execute safely or correctly, that team holds leverage. AI reduces that scarcity.</p> <p>When a product manager can produce legal-grade drafts with embedded guardrails, or a marketing team can localise content instantly using AI systems with expert review layered in, the argument that “only we can execute this properly” becomes harder to sustain. The question changes from “Is this perfectly compliant with our professional framework?” to “Is this good enough to ship?”</p> <p>That shift sounds minor. It is not. Perfection, as defined by specialists, is a source of institutional power. “Good enough”, as defined by operators, redistributes it. Software development illustrates this clearly. For years, testing was controlled by centralised quality assurance teams. Modern development practices introduced the idea of shifting testing left, encouraging developers to test code earlier in the development process rather than waiting for a separate quality assurance stage.</p> </section> <section class="section main-article-chapter" data-menu-title="AI will change business functions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI will change business functions</h2> <p>Quality assurance did not disappear. But its authority changed. It moved from day-to-day gatekeeping to defining standards, building automated frameworks and overseeing risk.</p> <p>Enterprise IT followed a similar trajectory. For years, business units waited for central approval and provisioning. SaaS platforms chipped away at that control. Teams began selecting tools directly. Shadow IT emerged not because governance disappeared, but because operational needs moved faster than central processes.</p> <p>IT still exists. But its role evolved. It sets policy and manages security rather than controlling every purchase. AI is accelerating that same pattern across far more functions at once.</p> <p>Legal departments will not vanish, but routine drafting will increasingly begin outside their walls. Localisation teams will still matter, but translation will often start at the point of need. Finance teams will continue to manage risk, but analysis will be generated long before it reaches them.&nbsp; In each case, the centre of gravity moves outward.</p> <p>This shift has consequences beyond workflow efficiency. When execution becomes self-service, buying power moves as well. The people closest to the work begin to define what matters. They optimise for speed, usability and outcomes rather than internal process metrics.</p> </section> <section class="section main-article-chapter" data-menu-title="Governance is not the same as control"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Governance is not the same as control</h2> <p>Professional KPIs rarely disappear overnight. They erode when users can achieve acceptable results without going through the traditional channel.&nbsp;The destabilising force is not that AI makes experts obsolete. It is that AI makes expertise ambient.</p> <p>When capability is embedded directly in the tool, the tool competes with the department – and tools scale faster than organisational hierarchies. This does not eliminate risk. Governance may become even more important. But governance is not the same as control. Setting guardrails from the perimeter is different from sitting at the centre of every decision.</p> <p>For leaders, the strategic question is not whether AI will replace functions. It is whether their authority depends on being a mandatory intermediary.</p> </section> <section class="section main-article-chapter" data-menu-title="AI makes influence fragile"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI makes influence fragile</h2> <p>If influence depends on owning the only path to execution, that influence is fragile. AI will route around bottlenecks wherever possible. If influence instead comes from defining standards that scale across decentralised execution, it can endure.</p> <p>Inside organisations, power rarely disappears. It migrates. AI lowers friction at the edge. The most visible impact of artificial intelligence may be faster drafting, cheaper translation and quicker analysis. The deeper impact will be less visible: a shift in who gets to decide what “good” looks like.</p> <p>And inside any institution, that is never a neutral change. AI is not just automating work. It is shifting power left.</p> <p><i>Yoav Ziv is the CEO of Tasq AI, a platform that helps enterprises scale AI and GenAI models by integrating human judgment into high-stakes data workflows.</i></p> </section> Business leaders will need to re-think how they influence their organisations as work becomes more decentralised https://cdn.ttgtmedia.com/visuals/German/article/artificial-intelligence-adobe.jpg https://www.computerweekly.com/opinion/AI-Is-shifting-power-left Fri, 13 Mar 2026 15:43:00 GMT <p>ORLANDO, Fla. -- As businesses increasingly prioritize AI initiatives, the data needed for AI success is more critical than ever.</p> <p>"To get started with AI, your data needs to be ready, your people need to be ready and your technology needs to be ready," said Melody Chien, senior research director in data management at Gartner, in an interview with TechTarget Editorial. "There's a lot that needs to come together, but the most important is data. With no data, there's no AI."</p> <p>To address <a href="https://www.techtarget.com/searchenterpriseai/feature/9-data-quality-issues-that-can-sideline-AI-projects">AI's pressing data needs</a>, many chief data and analytics officers and data teams are expanding their responsibilities to include data management specifically for AI processes. But it's not as simple as applying traditional data-readiness practices to the data needed for AI systems. Having <a href="https://www.techtarget.com/searchdatamanagement/tip/Experts-share-practices-to-overcome-AI-data-readiness">AI-ready data</a> requires its own set of rules, tools and best practices -- many of which were on display at Gartner's Data &amp; Analytics Summit this week.</p> <section class="section main-article-chapter" data-menu-title="Why data readiness for AI is unique"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why data readiness for AI is unique</h2> <p>Due to AI's complexity and autonomous nature, AI systems need data that depends on context and use cases in a way that other technology applications don't.</p> <p>"AI-ready data means that data is ready to support certain AI cases," Chien explained. "'Certain' AI cases means that readiness can be very contextual. Data could be ready for one AI case but not for another AI case. You can't just put a label that says, 'data is AI-ready.' You need to look at the bigger context, including what exactly you're trying to implement."</p> <p>Businesses and AI vendors alike often don't carefully consider the data needs of AI systems, said Roxane Edjlali, senior director of data management strategies at Gartner, in an interview with TechTarget Editorial. In fact, a recent Gartner AI-ready data survey found that only 32% of organizations with AI initiatives had an AI data-readiness process.</p> <p>"This means that 68% aren't doing it systematically, which is quite concerning," Edjlali added. "If you apply the same ratio [to AI agent use cases specifically], that would be even further concerning."</p> <p>AI's need for context becomes more prominent in the age of <a href="https://www.techtarget.com/searchenterpriseai/definition/agentic-AI">agentic AI</a>. AI agents often operate autonomously or with <a href="https://www.techtarget.com/searchenterpriseai/tip/The-ethics-that-make-human-AI-agent-collaboration-work">limited human-in-the-loop capabilities</a>, so understanding context is essential for them to function properly.</p> <p>Without AI-ready data, an <a href="https://www.techtarget.com/searchenterpriseai/definition/AI-agents">agent</a> can struggle to identify if it's being prompted in the right context for the right use case, Edjlali said in her Gartner session, "AI-ready data: Lessons learned become practices to follow."</p> <p>"Context needs to be able to provide [an agent] with sufficient information to verify whether it is or is not operating as planned," Edjlali said in an interview. "If it's not operating as planned, you cannot expect to get the same level of accuracy or precision that the AI use case was designed for."</p> </section> <section class="section main-article-chapter" data-menu-title="How to get your data AI-ready"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to get your data AI-ready</h2> <p>In an interview with TechTarget Editorial, Arun Chandrasekaran, VP analyst<i>&nbsp;</i>at Gartner, identified three main pillars for getting data AI-ready: data quality, data integration, and data lineage and classification.</p> <p>Ensuring data quality means transcending conventional techniques because there's so much data fed into AI systems and much of it is <a href="https://www.techtarget.com/searchbusinessanalytics/definition/unstructured-data">unstructured</a>, Chandrasekaran explained. Creativity is essential here, such as using tooling to support data labeling and <a target="_blank" href="https://aibusiness.com/synthetic-data/synthetic-data-is-the-key-to-unlocking-ai-agents-true-potential" rel="noopener">synthetic data</a> to fill data gaps.</p> <p>Data integration means <a href="https://www.techtarget.com/searchenterpriseai/tip/Tools-and-techniques-for-optimizing-AI-data-pipelines">getting data into your pipelines</a>, he said. This can involve many new techniques, such as using AI models to chunk, retrieve and add metadata as new data comes in. It can also involve engaging with tools such as the <a href="https://www.techtarget.com/searchenterpriseai/tip/How-the-Model-Context-Protocol-simplifies-AI-development">Model Context Protocol</a>.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> You can see unstructured data as a liability, or you can see it as an asset. </figure> <figcaption> <strong>Melody Chien</strong>Senior research director, Gartner </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Data lineage and data classification specify the data's origin, lifecycle and characteristics, which involves citations, verified sources and often a context layer. "The context layer includes everything from the active metadata management, the semantic layer, which is the business definition of the data, the ontology, which is understanding and representing the relationship that exists between data, and perhaps also memory, which is particularly needed as AI agents become more pervasive," Chandrasekaran said.</p> <p>With a variety of processes needed to ensure AI-ready data, businesses can verify their data readiness with AI readiness assessments, such as the 26-point checklist Edjlali presented in her session.</p> <p>Not every business needs to move through its readiness assessment in the same way, Edjlali said in an interview. The key is that whenever embarking on a new AI project, experts and stakeholders should collaborate and define the data needed to execute the use case. From there, teams can proceed to a <a href="https://www.techtarget.com/searchcio/tip/Free-proof-of-concept-templates-for-the-CIO">proof of concept</a> and complete a readiness assessment that works for their use case.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/roxane-edjlali-2-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/roxane-edjlali-2-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/roxane-edjlali-2-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/roxane-edjlali-2-f.jpg 1280w" alt="Roxane Edjlali stands on stage at Gartner, presenting a 26-point checklist for AI data readiness on a PowerPoint slide." data-credit="Olivia Wisbey/TechTarget" height="569" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>In her session, Edjlali presented a 26-point checklist that organizations can use to ensure AI-ready data. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Consider the value of unstructured data</h3> <p>Because many generative and agentic <a href="https://www.techtarget.com/searchenterpriseai/opinion/Why-multimodal-AI-is-reshaping-enterprise-intelligence">AI applications today are multimodal</a>, unstructured data accounts for a large share of the data needed to train and maintain AI systems.</p> <p>Unstructured data lacks the predefined structure necessary for easy storage and analysis in traditional databases. It can be in the form of images, audio, PDFs, social media, emails and more. While unstructured data can be more challenging for organizations to store and analyze, its use in AI applications can create business value.</p> <p>"You can see unstructured data as a liability, or you can see it as an asset," Chien said in an interview.</p> <p>In her session, "How to unlock the value of unstructured data for AI: Start with governing it first," Chien noted that 70%-90% of enterprise data is unstructured. Therefore, Chien spends more time today educating clients about unstructured data and how to analyze it, she said in an interview. But now, increased literacy and access to tools mean organizations can more often engage with the unstructured data vital to many generative and agentic AI applications.</p> <p>While understanding the importance of unstructured data for AI use cases is a first step, leaders must also properly govern it if they want that data to be ready for AI, Chien said. Governance involves multiple steps, including tagging and classifying unstructured data, along with extensive <a href="https://www.techtarget.com/searchdatamanagement/tip/Metadata-management-standards-examples-that-guide-success">metadata management</a>.</p> <p>"The type of processing and metadata that you need for unstructured data is very different," Edjlali said in an interview. "If you don't have enough labels that are going to distinguish everything, it is likely going to be much more difficult to get accuracy for the use case."</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/melody-chien-1-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/melody-chien-1-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/melody-chien-1-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/melody-chien-1-f.jpg 1280w" alt="Melody Chien stands on stage at Gartner, presenting step 3 in governing unstructured data: tag and classify data." data-credit="Olivia Wisbey/TechTarget" height="580" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>In her session, Chien explained the steps to governing unstructured data, including tagging and classifying data. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Prioritize metadata</h3> <p>The metadata used to describe unstructured data can be inconsistent, Chien said in her session. There are often no predefined standards or clear ownership over data, which can create a major roadblock to AI data readiness.</p> <p>"Metadata is everything that helps you answer the question, 'Is my data AI-ready?'" Edjlali said in an interview. "Questions regarding what the model is designed to do, who should use it, what type of agent it is, what are the use cases outside its scope -- metadata tells you where the data is, where the data came from and the statistical distribution of the data."</p> <p>Importantly, metadata, typically managed through AI model cards, also helps teams <a href="https://www.techtarget.com/searchenterpriseai/tip/How-to-identify-and-manage-AI-model-drift">identify data drift</a>, which means the AI system can no longer perform its use case adequately, Edjlali added. That's the big difference between metadata for AI and traditional metadata, which is often considered static. "'Did anything change?' is the core question that you should be trying to answer," she said in an interview. "Answering that question is metadata."</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Metadata is everything that helps you answer the question, 'Is my data AI-ready?' </figure> <figcaption> <strong>Roxane Edjlali</strong>Senior director analyst, Gartner </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <h3>Automate where appropriate</h3> <p>From metadata collection to operationalization, AI-ready data practices are too time-consuming to be entirely manual. Organizations can use tools to automate certain business processes.</p> <p>There are three main categories of tools to consider, Edjlali said in an interview. Businesses should focus on metadata management, <a href="https://www.techtarget.com/searchitoperations/tip/Top-observability-tools">data observability</a> and data governance tools to improve data readiness. When selecting the right AI tools, it's important to understand the project's use case as well as data and metadata needs.</p> <p>"Clients want a simple solution," Edjlali said. "They are looking at technology to solve the problem for them, and so they would much rather have a single vendor do it for them, but it might not deliver on its promise. This is where your knowledge and context come into play."</p> <p><i>Olivia Wisbey is a site editor for Informa TechTarget's AI &amp; Emerging Tech group. She has experience covering AI, machine learning and software quality topics.</i></p> </section> At Gartner's 2026 Data and Analytics Summit, AI-ready data was top of mind. Explore these best practices from experts on achieving data readiness for AI systems. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a252657224.jpg https://www.techtarget.com/searchenterpriseai/feature/AI-ready-data-needs-its-own-set-of-rules-experts-say Fri, 13 Mar 2026 15:41:00 GMT <p>The success of any business depends on the strength and knowledge of its leadership team. The C-suite typically represents all corporate executive roles, including the CEO, COO, CIO, CTO, CFO and CMO. The proliferation of AI, especially the rise of <a href="https://www.techtarget.com/searchenterpriseai/definition/generative-AI">generative AI</a>, in most aspects of business now demands another "C" in the suite -- a chief AI officer who's responsible for AI development, strategy, implementation and governance.</p> <p>Traditional organizational structures attempt to navigate disruptive new technologies through collaboration between business and technology teams. But GenAI introduces new challenges that neither business nor technology leaders, who have other responsibilities, are positioned to address. The chief AI officer (CAIO) fills this void so a business can pursue its AI initiatives with greater speed, clarity, compliance -- and success.</p> <p>Considering the enormous investments required for AI deployments, plus the <a href="https://www.techtarget.com/searchenterpriseai/feature/5-AI-risks-businesses-must-confront-and-how-to-address-them">business risks associated with them</a>, the strong leadership and evangelism of a seasoned CAIO can be the difference between AI success and failure. A CAIO is generally tasked with the following responsibilities:</p> <ul class="default-list"> <li><b>AI strategy.</b> The CAIO develops an AI strategy that aligns with overall business goals. They identify opportunities where AI can add business value and drive initiatives that <a href="https://www.techtarget.com/searchenterpriseai/feature/GenAI-streamlines-enterprise-knowledge-management-process">integrate AI platforms and decision-making</a> into the business workflow, often while collaborating with other C-suite executives, teams and stakeholders.</li> <li><b>AI technologies.</b> The CAIO typically implements the established AI strategy, which involves a combination of software development, such as machine learning (ML) models; processes, such as model training and testing; and infrastructure decisions, such as cloud architecture. The CAIO selects the best tools and methodologies to develop <a href="https://www.techtarget.com/searchenterpriseai/tip/Generative-AI-vs-machine-learning-How-are-they-different">AI and ML systems</a> to address the most valuable business uses -- often in close collaboration with developers and IT teams.</li> <li><b>AI governance.</b> The CAIO must ensure AI systems meet the organization's accuracy, performance, ethics and compliance standards. Among the CAIO's tasks are <a href="https://www.techtarget.com/searchenterpriseai/tip/AI-governance-can-make-or-break-data-monetization">ensuring data quality</a>, mitigating bias, establishing the policies and procedures for responsible AI use, complying with data privacy and security policies and procedures, and aligning AI risk mitigation with overall strategic risk management across the enterprise.</li> <li><b>AI team oversight.</b> Successful AI initiatives require a skilled team of data scientists, ML developers and specialists, cloud architects, and other professionals needed to create, deploy and manage AI systems. The CAIO <a href="https://www.techtarget.com/searchenterpriseai/feature/How-businesses-can-close-the-AI-engineering-gap">builds teams with the necessary skills</a> and support to fulfill AI projects, and manages relationships with software and cloud vendors.</li> <li><b>AI advocacy.</b> AI investments are worthless if people don't use it, so AI needs companywide buy-in from the C-suite to entry-level employees to partners and customers. The CAIO educates the organization about AI's benefits and drives employee training on the <a href="https://www.techtarget.com/searchenterpriseai/feature/35-AI-content-generators-to-explore-in-2026">use of AI platforms</a>.</li> </ul> <p>AI is no longer a niche technology but a business necessity. Yet its true value can be lost without direction and expertise. A CAIO can be the difference between AI as a science experiment and AI as a <i>real</i> driver of business value and ROI.</p> <p>Organizations with a CAIO report a 10% greater ROI on AI investments and are 24% more likely to say they outperform their peers on innovation, according to a global <a target="_blank" href="https://static1.squarespace.com/static/6500be7b90b0f770653f355f/t/68b46072ef89b643ff3e2f3c/1756651634606/IBM+-+2025+Solving+the+AI+ROI+Puzzle.pdf" rel="noopener">survey</a> of more than 600 CAIOs by the IBM Institute for Business Value in collaboration with the Dubai Future Foundation and Oxford Economics. The report also noted that the number of CAIOs more than doubled from 11% in 2023 to 26% in 2025, while 66% of the CAIOs surveyed expect most organizations will have a CAIO within two years.</p> <p><a href="https://cdn.ttgtmedia.com/rms/onlineimages/12-step-program_for_successfully_managing_ai_projects-f.png"></a></p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/12-step-program_for_successfully_managing_ai_projects-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/12-step-program_for_successfully_managing_ai_projects-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/12-step-program_for_successfully_managing_ai_projects-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/12-step-program_for_successfully_managing_ai_projects-f.png 1280w" alt="Graphic listing 12 steps to successfully manage an AI project." height="330" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>CAIOs play an integral role in every facet of an AI project. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <section class="section main-article-chapter" data-menu-title="CAIO business benefits"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CAIO business benefits</h2> <p>Ideally, the CAIO finds AI opportunities, shapes AI strategies, drives the rapid design, implementation and adoption of AI initiatives, and mitigates AI's ethical and regulatory risks, all while ensuring an <a href="https://www.techtarget.com/searchenterpriseai/feature/10-AI-business-use-cases-that-produce-measurable-ROI">AI project delivers measurable ROI</a>. A CAIO dedicated to these responsibilities provides eight notable business benefits.</p> <h3>1. Technical AI expertise</h3> <p>CAIOs bring a deep understanding of data science, machine learning, software development, and the local and cloud infrastructure needed to create, deploy and operate AI systems. They have been involved in AI initiatives for years in one capacity or another and demonstrate a successful project track record.</p> <h3>2. Strategic AI vision and alignment</h3> <p>AI is no longer just a science project. CAIOs understand the capabilities and limitations of AI technologies. They see AI as a competitive differentiator and can build realistic AI strategies that align with tangible business objectives. If the business goal is workflow speed and efficiency, for example, CAIOs will ensure AI projects deliver those benefits with measurable metrics.</p> <h3>3. Centralized AI leadership</h3> <p>As AI moves from pilot projects to essential business platforms, stakeholders are eager to realize the benefits of AI systems. CAIOs are pivotal in determining an AI project's success relative to an organization's business goals. Some organizations emphasize innovation and implementing <a href="https://www.techtarget.com/searchenterpriseai/tip/Top-generative-AI-tool-categories">new ways to use AI technologies</a>, some focus on bottom-line returns, and others weigh innovation and ROI equally.</p> <h3>4. Faster AI innovation</h3> <p>CAIOs have the experience, expertise and leadership to recognize the potential for AI innovation and guide the most valuable initiatives to successful implementation. In the process, they can stop fragmented, inefficient or delayed AI initiatives that can <a href="https://www.techtarget.com/searchenterpriseai/feature/AI-deployments-gone-wrong-The-fallout-and-lessons-learned">waste time, money and talent</a>.</p> <h3>5. Reduced AI risk</h3> <p>AI depends on collected, stored, processed and protected data. CAIOs understand data storage and security requirements. They know how to properly secure data used in AI systems, using both conventional and AI-driven techniques, such as synthetic data generation and data anonymization. CAIOs also can ensure an operational AI system safeguards sensitive data delivered to employees, partners, customers and users.</p> <h3>6. Improved AI compliance</h3> <p>AI systems are increasingly scrutinized across a range of regulatory demands for accuracy, bias mitigation and fairness, use, and transparency in training data and algorithmic behaviors. CAIOs understand this <a href="https://www.techtarget.com/searchenterpriseai/feature/AI-regulation-What-businesses-need-to-know">increasingly complex regulatory environment</a> and can establish frameworks, policies and metrics to proactively address local, regional and national AI legislation.</p> <h3>7. Optimized AI data quality</h3> <p>Data that's complete, correct, timely and relevant <a href="https://www.techtarget.com/searchenterpriseai/feature/Optimize-AI-models-to-generate-more-bang-for-your-buck">produces better AI model training</a>, more accurate AI behaviors and superior AI outcomes for users. CAIOs recognize the fundamental importance of quality data and work closely with data science experts to ensure data collection, storage, processing and monitoring is properly governed and refined to train and operate AI systems.</p> <h3>8. Worker displacement and upskilling</h3> <p>AI will displace some employees and <a href="https://www.techtarget.com/searchenterpriseai/feature/How-GenAI-deployments-are-redefining-everyday-work-routines">create new job opportunities for others</a>. CAIOs can identify the AI skills necessary for employees to succeed at their jobs, help develop relevant AI training regimens and create transitional employment plans that include upskilling and retraining valuable employees to work alongside AI systems and platforms.</p> <p><a href="https://cdn.ttgtmedia.com/rms/onlineimages/10_ways_ai_can_increase_revenue-f.png"></a></p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/10_ways_ai_can_increase_revenue-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/10_ways_ai_can_increase_revenue-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/10_ways_ai_can_increase_revenue-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/10_ways_ai_can_increase_revenue-f.png 1280w" alt="Graphic listing 10 ways AI can increase revenue." height="314" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>CAIOs are under increasing pressure to measure AI deployment success by ROI. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="CAIO qualifications and requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CAIO qualifications and requirements</h2> <p>What does it take to become a CAIO? The answer can be tricky for several reasons, including the following:</p> <ul class="default-list"> <li>The CAIO role is a strategic necessity, yet relatively new.</li> <li>AI technology <a href="https://www.techtarget.com/searchenterpriseai/feature/The-future-of-generative-AI-Trends-to-follow">continues to evolve at a breakneck pace</a>.</li> <li>AI's associated risks, such as compliance and liability, still aren't fully understood.</li> <li>The underlying needs and capabilities of every business can vary.</li> </ul> <p>Just like AI itself, the CAIO role is a moving target. Finding and hiring a qualified CAIO poses unanticipated challenges for any organization, but there are common characteristics and qualifications businesses can consider when adding a CAIO to the C-suite.</p> <p>CAIOs typically hold advanced degrees in ML, computer science or data science. Their experience can span many years, including senior roles in engineering and leadership positions, such as a chief data officer and CTO. They typically have direct experience in GenAI, natural language processing, ML algorithms, MLOps and data security.</p> <p>CAIOs should also possess the business acumen to create long-term AI strategies that align with an organization's goals. Their leadership and communication skills make them excellent educators and advocates for AI implementation and adoption. As experts in <a href="https://www.techtarget.com/searchenterpriseai/feature/Top-resources-to-build-an-ethical-AI-framework">AI ethics</a> and governance, they can establish policies and procedures that meet data privacy, bias mitigation and regulatory requirements for AI systems.</p> <p><i>Stephen J. Bigelow, senior technology editor at TechTarget, has more than 30 years of technical writing experience in the PC and technology industry.</i></p> </section> GenAI's infiltration into virtually every aspect of business demands the C-suite make room for a CAIO focused on AI development, strategy, implementation, education and governance. https://cdn.ttgtmedia.com/rms/onlineimages/keys_a150731005.jpg https://www.techtarget.com/searchenterpriseai/feature/C-suite-shakeup-Demand-for-chief-AI-officers-accelerates Fri, 13 Mar 2026 14:14:00 GMT <p>In a serious setback to the <a href="https://www.computerweekly.com/resources/Hackers-and-cybercrime-prevention" target="_blank" rel="noopener">cyber criminal underground</a>, an Interpol-led operation spanning 72 countries and territories has successfully neutralised more than 45,000 malicious IP addresses and servers, seized over 200 devices, and seen 94 people taken into custody, with well over 100 others still under investigation.</p> <p>Dubbed <a href="https://www.interpol.int/" target="_blank" rel="noopener">Operation Synergia III</a>, the action – which unfolded over a six-month period starting in mid-July 2025 – targeted the infrastructure used in cyber fraud, phishing, malware and ransomware campaigns.</p> <p>Interpol hailed a major cross-border collaborative effort that saw data transformed into actionable intelligence, enabling it to provide tactical operational assistance to police forces all over the world, including in the UK. Technical support was provided by private sector cyber companies including <a href="https://www.group-ib.com/" target="_blank" rel="noopener">Group-IB</a>, <a href="https://www.trendmicro.com/en_gb/business.html" target="_blank" rel="noopener">Trend Micro</a>, and <a href="https://s2w.inc/en" target="_blank" rel="noopener">S2W</a>.</p> <p>“Cyber crime in 2026 is more sophisticated and destructive than ever before, but Operation Synergia III stands as a powerful testament to what global cooperation can achieve,” said Interpol Cybercrime Directorate director Neal Jetton.</p> <p>“Interpol remains at the forefront of this fight, uniting law enforcement agencies and private sector experts to dismantle criminal networks, disrupt emerging threats and protect victims around the world.”</p> <p>Group-IB CEO Dmitry Volkov added: “Cyber criminal groups rely on complex infrastructure to scale phishing and malware operations globally.</p> <p>“Operation Synergia III&nbsp;demonstrates&nbsp;how close cooperation between law enforcement agencies and private-sector partners can significantly disrupt these networks. By sharing intelligence on malicious infrastructure and attacker tactics, Group-IB&nbsp;remains&nbsp;committed to supporting global efforts to dismantle cybercrime operations and protect organizations and individuals worldwide.”&nbsp;</p> <p>Many investigations conducted under the auspices of Operation Synergia III are still in progress and cannot yet be publicly discussed. However, Interpol shared some details of a few cases.</p> <p>In Macau in China, for example, law enforcement identified and targeted 33,000 fraudulent websites, many relating to the gambling industry for which Macau is world-famous, but also financial services and governments. The websites were used to siphon money and personal data from scam victims.</p> <p>Meanwhile, in Togo in Western Africa, authorities arrested 10 suspected of operating a fraud ring from a residential property – specialising in a variety of crimes from hacking social media accounts to romance scams and sextortion, and in Bangladesh, police arrested 40 and seized over 130 devices used in credit card fraud, identity theft, and loan and job scams.</p> <p>Robert McArdle, director of cyber crime research at Trend Micro’s TrendAI, said: “Behind every malicious server or phishing kit sits a wider criminal ecosystem that needs to be mapped and understood before arrests become possible.</p> <p>“Our support for <a href="https://www.computerweekly.com/news/366639642/Tycoon2FA-phishing-platform-dismantled-in-major-operation" target="_blank" rel="noopener">investigations such as Tycoon2FA</a>, and contributions to operations like this one led by Interpol, demonstrates how actionable threat intelligence can help authorities identify infrastructure, connect actors and disrupt cyber criminal networks at scale.”</p> <section class="section main-article-chapter" data-menu-title="Latest iteration of a serial operation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Latest iteration of a serial operation</h2> <p>As its name suggests, Operation Synergia III is the third in a series of Interpol actions against organised cyber crime.</p> <p>The previous action, <a href="https://www.interpol.int/News-and-Events/News/2024/INTERPOL-cyber-operation-takes-down-22-000-malicious-IP-addresses" target="_blank" rel="noopener">Operation Synergia II</a>, unfolded in 2024 and similarly resulted in the sinkholing of thousands of malicious IP addresses and servers, and at least 40 known arrests.</p> <p>Operation Synergia II was similarly globe-trotting, with known actions taking place in Hong Kong, Mongolia, Macau, Madagascar and Estonia.</p> <p>The first action in the series, <a href="https://www.interpol.int/en/News-and-Events/News/2024/INTERPOL-led-operation-targets-growing-cyber-threats" target="_blank" rel="noopener">in late 2023</a>, targeted the command and control (C2) server infrastructure so beloved of cyber criminal gangs.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about cyber crime</h3> <ul class="default-list"> <li>The UK’s Online Crime Centre, launching in April 2026, will bring together government, police, intelligence agencies, banks, mobile networks and tech firms to take coordinated action <a href="https://www.computerweekly.com/news/366639897/UK-to-launch-cyber-fraud-squad-in-April" target="_blank" rel="noopener">against cyber fraud</a>.</li> <li>A Europol-led sting against the infamous Tycoon2FA MFA bypass phishing service has been successful, with operations disrupted and ringleaders <a href="https://www.computerweekly.com/news/366639642/Tycoon2FA-phishing-platform-dismantled-in-major-operation" target="_blank" rel="noopener">and cyber criminal users identified</a>.</li> <li>RAMP, an infamous Russian-speaking cyber crime forum, has gone off the air <a href="https://www.computerweekly.com/news/366637992/RAMP-ransomware-forum-goes-dark-in-probable-FBI-sting" target="_blank" rel="noopener">after an apparent US operation</a>.</li> </ul> </div> </div> </section> A major Interpol operation has resulted in the seizure of thousands of malicious cyber criminal IP addresses and servers, and multiple arrests. https://cdn.ttgtmedia.com/visuals/German/article/hacker-network-adobe.jpg https://www.computerweekly.com/news/366640293/Interpol-obliterates-cyber-criminal-infrastructure Fri, 13 Mar 2026 13:30:00 GMT <p>As security leaders rush to implement <a href="https://www.techtarget.com/searchsecurity/feature/How-AI-threat-detection-is-transforming-enterprise-cybersecurity" target="_blank" rel="noopener">the latest AI threat detection tool</a> or zero-trust framework, they too often overlook that the traditional office network, once a single, definable boundary, no longer exists. Employees now work from anywhere. Applications are hosted across multiple clouds and countless devices connect to the internet. Today, the internet itself functions as the main corporate network, making the old add another firewall approach practically useless. Addressing this reality requires rethinking architecture, starting with the network itself.&nbsp;</p> <p>The enterprise network model has shifted from a centralised,&nbsp;contained&nbsp;system <a href="https://www.computerweekly.com/news/366621553/Surging-cyber-threats-drive-IT-directors-to-decentralised-networks" target="_blank" rel="noopener">to a decentralised, open one</a>. In the past, valuable assets were stored inside a trusted corporate network, much like cash in a bank vault. Now, assets are distributed everywhere. On laptops in coffee shops, in SaaS applications and across multiple clouds. They are no longer vaulted. They are&nbsp;operating&nbsp;in the equivalent of a public square.&nbsp;&nbsp;</p> <p>Attempting to secure this environment with methods that worked in the past no longer does the job. Complicating matters, many vendors market ‘unified’ platforms that are merely collections of&nbsp;acquired&nbsp;products stitched together. This integration theatre gives the illusion of a comprehensive solution but lacks the truly unified architecture needed to manage a distributed environment, leaving gaps that increase complexity and risk.&nbsp;</p> <p>If you’re a <a href="https://www.techtarget.com/searchsecurity/feature/Should-a-CISO-have-an-MBA" target="_blank" rel="noopener">chief information security officer</a> (CISO), it's time to rethink your strategy. The focus must move from guarding a fixed perimeter to securing assets wherever they travel. CISOs now face two strategic decisions. First, to distinguish solutions offering true, deep integration from those that are merely integration theatre. And second, to architect a genuinely unified platform that builds resilience. Making the right choices will ultimately be what separates a costly security incident from a business that earns and keeps customer trust.&nbsp;</p> <section class="section main-article-chapter" data-menu-title="Spotting a truly unified platform"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Spotting a truly unified platform&nbsp;</h2> <p>For CISOs, the key is understanding what sets a truly unified platform apart.&nbsp;It’s&nbsp;more than a slick interface layered over a patchwork of tools. This type of approach often conceals systems that&nbsp;weren't&nbsp;designed to work together, creating gaps that increase complexity and risk. A genuinely integrated platform&nbsp;operates&nbsp;as a single, cohesive system, with security policies, data and controls built in from the network layer up.&nbsp;&nbsp;</p> <p>Evaluating a platform requires going back to fundamentals of cybersecurity. Does it&nbsp;provide&nbsp;a consistent view of all activity across the network, cloud&nbsp;applications&nbsp;and security systems? Can security rules be applied centrally across the organisation&nbsp;without gaps? Does it connect easily with other essential tools to allow smooth, two-way communication?&nbsp;</p> <p>A superficial platform may offer a unified dashboard, but a true digital fabric provides unified control and visibility at its very core.&nbsp;</p> </section> <section class="section main-article-chapter" data-menu-title="Building resilience by distributing security"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Building&nbsp;resilience by distributing security&nbsp;</h2> <p>A common concern I hear from security leaders is that relying on one cyber security platform creates a single point of failure. Modern platforms address this by distributing security across the network rather than centralising risk. This is achieved by separating the management plane (where rules are created) from the enforcement plane (where rules are applied). A well-designed strategy uses a global network of <a href="https://www.computerweekly.com/news/366635495/SASE-SD-WAN-evolve-as-enterprises-prioritise-unified-network-security" target="_blank" rel="noopener">secure access service edge</a> (SASE) points to enforce policies close to the user, reducing latency and containing threats regionally.&nbsp;</p> <p>The challenge then shifts to operational capability. Managing a complex global infrastructure is demanding, especially while the cyber industry is grappling with talent shortages. In the UK,&nbsp;<a target="_blank" href="https://www.gov.uk/government/publications/cyber-security-skills-in-the-uk-labour-market-2025" rel="noopener">nearly half of businesses</a>&nbsp;(49%) lack basic technical cybersecurity skills, making a full SASE model feel out of reach for many teams.&nbsp;As a result, the focus is shifting from technology alone to how teams&nbsp;operate&nbsp;it. With stretched resources, CISO’s priority should be designing architectures that embed automation and intuitive policies, making advanced security practical even when skills are limited.&nbsp;</p> <p>This is driving the adoption of Edge Distribution Platforms (EDPs), which combine content delivery, compute, and security into a unified architecture at the network’s edge. By integrating these functions EDPs provide the low-latency performance and scale needed to run real-time AI applications securely.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">The Computer Weekly Security Think Tank on platformisation</h3> <ul style="list-style-type: square;" class="default-list"> <li>Stephen McDermid, Okta:&nbsp;<a href="https://www.computerweekly.com/opinion/Open-cyber-standards-key-to-cross-platform-integration" target="_blank" rel="noopener">Open cyber standards key to cross-platform integration</a>.</li> <li>Aditya K Sood, Aryaka:&nbsp;<a rel="noopener" target="_blank" href="https://www.computerweekly.com/opinion/Platformisation-without-illusion-Separating-integration-from-theatre">Platformisation without illusion: Separating integration from theatre</a>.</li> <li>Martin Riley, Bridewell Consulting: <a href="https://www.computerweekly.com/opinion/Strong-security-balances-consolidation-and-best-of-breed-capabilities" target="_blank" rel="noopener">Strong security balances consolidation and best-of-breed capabilities</a>.&nbsp;</li> </ul> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="Making governance and compliance sustainable"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Making governance and compliance sustainable&nbsp;&nbsp;</h2> <p>A unified platform is only as effective as the governance framework supporting it. CISOs should ground their strategy in established approaches that are tried and tested, such as the&nbsp;<a target="_blank" href="https://www.gov.uk/government/publications/cyber-governance-mapping/mapping-cyber-governance-code-to-nist-cyber-security-framework" rel="noopener">NIST Cybersecurity Framework</a>&nbsp;or implementing zero-trust principles. The value of an integrated platform here is its ability to turn governance from a manual, time consuming exercise into an automated, ongoing process.&nbsp;</p> <p>Consider the effort involved in preparing an audit for a global company. Proving compliance across any organisation often involves months of manual evidence collection.&nbsp;A truly integrated platform turns months of manual evidence-gathering into continuous insight, letting teams&nbsp;anticipate&nbsp;and mitigate risks before they become compliance issues.&nbsp;</p> </section> <section class="section main-article-chapter" data-menu-title="The real test: handling a complex threat"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The real test: handling a complex threat&nbsp;</h2> <p>The best way to be certain of a platform’s resilience is to test it with a realistic scenario. Tabletop exercises should simulate threats that move across multiple parts of the business. For instance, if an attacker compromises a cloud account and&nbsp;attempts&nbsp;to move into the corporate network, a siloed security stack may&nbsp;fail to&nbsp;detect the activity. A unified platform, however, sees both cloud and network traffic,&nbsp;identifies&nbsp;the attack pattern, and enforces policies automatically. This shows you the difference between a simple collection of tools and a resilient digital ecosystem.&nbsp;</p> <p>In a world where risks are everywhere and trust is fragile, the decisions CISOs make&nbsp;have the ability to&nbsp;define the value of an enterprise. These principles give them a framework to turn security into a strategic advantage because at the end of the day, stopping threats is only one part of the CISO’s job; building a resilient, trusted, and forward-looking business is the&nbsp;ultimate goal.&nbsp;</p> <p><em>Vaibhav Dutta is vice president and global head of cyber security products and services at <a href="https://www.tatacommunications.com/" target="_blank" rel="noopener">Tata Communications.</a></em></p> </section> The Security Think Tank looks at platformisation, considering questions such as how CISOs can distinguish between a truly integrated platform and 'integration theater, and how to protect unified platforms. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Security-Think-Tank-hero.jpg https://www.computerweekly.com/opinion/How-CISOs-can-build-a-truly-unified-and-resilient-security-platform Fri, 13 Mar 2026 12:57:00 GMT <p>Docker is bringing AI agents, created as a safer alternative to the wildly popular OpenClaw, into its sandboxes, further shoring up their isolation from other processes and data for business use.</p> <p>OpenClaw, an <a href="https://www.techtarget.com/searchcio/feature/OpenClaw-and-Moltbook-explained-The-latest-AI-agent-craze">open source AI personal assistant</a>, launched in November 2025 as Clawdbot (which quickly ran afoul of Anthropic's Claude Code branding, leading to its name change) and amassed more than 20,000 GitHub stars in its first three months. It gave rise to a new category of "AI claw" agents, which run on local machines and use tools and apps installed there to take action on the user's behalf with minimal supervision.</p> <p>The potential risks of OpenClaw rose almost as quickly as its popularity -- one <a target="_blank" href="https://www.404media.co/meta-director-of-ai-safety-allows-ai-agent-to-accidentally-delete-her-inbox/" rel="noopener">high-profile report</a> in February featured Meta's director of AI safety racing to stop OpenClaw from deleting her email inbox. Bad actors took advantage of the tool's popularity to conduct <a target="_blank" href="https://www.darkreading.com/application-security/supply-chain-attack-openclaw-cline-users" rel="noopener">software supply chain attacks</a>. OpenClaw's default access to the entire local machine, plus its ability to communicate externally and its persistent memory, added up to major risks, including the installation of malware.</p> <p>"OpenClaw was developed as a POC [proof of concept] by one guy who never intended it to go viral and be used in production," said Torsten Volk, an analyst at Omdia, a division of Informa TechTarget. "Because it was a POC he did not worry about optimizing the architecture for security, but optimized the entire OpenClaw platform for functionality, ease of use and simple extensibility."</p> <section class="section main-article-chapter" data-menu-title="NanoClaw, Docker team up on 'AI claw' for businesses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>NanoClaw, Docker team up on 'AI claw' for businesses</h2> <p>Into this picture stepped a new project, NanoClaw, developed by two brothers, Lazer and Gavriel Cohen, that wraps a stripped-down version of the Claude Code agent in a containerized orchestration layer. That project, launched in February, has garnered 20,000 GitHub stars and 100,000 downloads. It uses containers as a barrier between the AI agent and the local machine's OS to prevent it from having unbounded access to the entire machine.</p> <p>"The OpenClaw moment is not about bringing something new to the table, but it's about connecting things that were already there and unlocking the capabilities that have been building for a long time with AI agents," said Gavriel Cohen, in an interview with TechTarget this week. "As soon as you see that vision, someone like me is able to come in and say, 'Okay, I could build this in a way that's actually secure and that could work for businesses, and could be production-ready.'"</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The infrastructure for the world needs to catch up with where AI agents are -- quite pointedly, agents break the container model. </figure> <figcaption> <strong>Mark Cavage</strong>President and COO, Docker Inc. </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>A new partnership between Cohen's new company, NanoCo, and Docker Inc. will further shore up NanoClaw's security and connect it with the <a href="https://www.techtarget.com/searchsoftwarequality/news/366627318/Docker-Compose-up-now-includes-AI-agents">Docker toolchain</a> that's already in use by enterprises.</p> <p>Specifically, Docker will support NanoClaw in its Docker Sandboxes product, said Mark Cavage, president and COO at Docker, in an interview with TechTarget. Docker Sandboxes are <a target="_blank" href="https://www.docker.com/blog/docker-sandboxes-run-claude-code-and-other-coding-agents-unsupervised-but-safely/" rel="noopener">an experimental feature</a> in Docker Desktop that run AI agents in a <a href="https://www.techtarget.com/searchsecurity/definition/micro-VM-micro-virtual-machine">microVM</a> on the local machine, further isolating them from the main OS.</p> <p>"The infrastructure for the world needs to catch up with where AI agents are -- quite pointedly, agents break the container model," Cavage said. "The ecosystem of containers <a href="https://www.techtarget.com/searchitoperations/definition/immutable-infrastructure">assumes immutability</a> -- you build an image, you ship it, and you don't touch it at runtime. But the very first thing an agent does is, it wants to go mutate its environment. It wants to install packages. It wants to modify files. It wants to spin up databases. So you actually want something that is a bigger isolation boundary than a process jail, which is what Docker containers have been built on."</p> <p>Running NanoClaw's container-based orchestration within a microVM protects against container escapes by AI agents, making it more difficult for attackers to use them to exploit vulnerabilities and defending against potentially damaging actions by the agents themselves.</p> <p>"NanoClaw uses Docker Sandboxes to implement a modular architecture where individual agents, skills and processes are isolated based on centralized security policies that also define how these sandboxes can talk among one another," Volk said.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/nanoclaw_founders-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/nanoclaw_founders-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/nanoclaw_founders-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/nanoclaw_founders-f.jpg 1280w" alt="NanoClaw founders Lazer and Gavriel Cohen" data-credit="NanoCo" height="373" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Lazer and Gavriel Cohen, creators of the NanoClaw AI agents project. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="NemoClaw in the wings?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>NemoClaw in the wings?</h2> <p>The development of new AI agent tools still hasn't slowed down -- no sooner did the Cohen brothers' AI marketing startup pivot to NanoClaw than <a target="_blank" href="https://www.wired.com/story/nvidia-planning-ai-agent-platform-launch-open-source/" rel="noopener">reports surfaced</a> this week about NemoClaw, a planned "claw" agent from AI powerhouse Nvidia, also built with enterprise security in mind. Those reports remain unconfirmed, but Nvidia is widely expected to divulge more details next week at its GTC conference.</p> <p>Docker will remain platform agnostic, Cavage said. It also supports AI agents including Claude Code, OpenClaw and <a href="https://www.techtarget.com/searchsoftwarequality/news/366627715/AWS-Kiro-coding-agents-highlight-spec-driven-development">AWS Kiro</a>.</p> <p>Cohen predicted that what ultimately wins out among "claw" agents will depend on how easy it is to acquire and use for businesses.</p> <p>"I think for businesses out there, there's still a lot of confusion or uncertainty about how to connect these agents and how to build it out and how to make it secure," he said. "What's going to work for businesses and for enterprises is not going to be about being the most secure. It's about building [something] that they can understand and reason about and easily deploy and figure out how to get quick value out of … that's what we're aiming to build."</p> <p>NanoClaw development also continues apace, including plans for additional co-developed features with Docker.</p> <p>"AI agents are going to need more and more things," Cavage said. "And you'd expect to be able to run sandboxes cheaply, easily in various places, let these things recursively spin up and so on."</p> <p><i>Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism. Have a tip? </i><a href="mailto:beth.pariseau@informatechtarget.com?subject=News%20tip"><i>Email her</i></a><i>.</i></p> </section> The minimal, containerized alternative to the viral OpenClaw gets an added dose of isolation from Docker microVMs, as 'AI claws' proliferate. https://cdn.ttgtmedia.com/rms/onlineimages/storage_g922017556.jpg https://www.techtarget.com/searchitoperations/news/366640195/NanoClaw-AI-agents-find-a-home-in-Docker-Sandboxes Fri, 13 Mar 2026 12:26:00 GMT <p>While a majority of U.S. physicians are using AI in their practice, physicians are only cautiously optimistic about their use, citing concerns around patient privacy and skill loss, <a href="https://www.ama-assn.org/press-center/ama-press-releases/ama-ai-usage-among-doctors-doubles-confidence-technology-grows">according to a new survey</a> by the American Medical Association, or AMA.</p> <p>The AMA polled 2,051 U.S. physicians for the <a href="https://www.ama-assn.org/system/files/physician-ai-sentiment-report.pdf">2026 Physician Survey on Augmented Intelligence</a>. The association has conducted the survey annually since 2023.&nbsp;</p> <p>The survey revealed that the proportion of physicians using AI increased to 72% in 2026, up from 48% in 2024 and 38% in 2023. The average number of AI use cases per physician also increased from 1.1 in 2023 to 2.3 in 2026.</p> <p>Summarizing medical research and standards of care is the most popular AI use case, with 39% of respondents reporting that they use AI for this purpose. Other popular use cases include creation of discharge instructions, care plans and/or progress notes (30%), documentation of billing codes, medical charts or visit notes (28%) and generation of chart summaries (28%).</p> <p>Physicians cited numerous benefits of AI use, including enhanced work efficiency and diagnostic accuracy, as well as reduced cognitive overload. In fact, 73% of physicians believe that AI can help reduce administrative workload through automation, and 70% report that AI will help offload or replace some clinical tasks, relieving drivers of burnout.</p> <p>However, despite the overall increase in utilization, physicians remain cautious about AI use. Only 37% of physicians reported being more excited than concerned about the increased use of AI in their professional lives, a marginal increase from 35% in 2024.</p> <p>Patient privacy remains a top concern among physicians regarding AI use, with 41% reporting that AI use will harm patient privacy. Meanwhile, physicians are split on whether AI use will harm or help the physician-patient relationship, with 34% reporting the former and 38% the latter. Additionally, 88% of respondents said they are concerned about skill loss, with 70% of current medical students and residents concerned about it.</p> <p>Data privacy assurances from their employer and EHR vendor (70%) and validation of AI safety and efficacy by a trusted entity, along with continuous monitoring (66%), were the top two factors cited for facilitating physician adoption of AI tools. &nbsp;</p> <p>Additionally, physicians want <a href="https://www.techtarget.com/healthtechanalytics/feature/How-health-systems-are-facilitating-AI-governance">a clear liability framework</a>, post-market surveillance of AI tools, including adverse event reporting and technology audits, and more oversight of AI-enabled medical devices by governing bodies, such as the FDA, the survey showed.</p> <p>Physicians also reported that education and <a href="https://www.techtarget.com/healthtechanalytics/feature/6-clinician-training-strategies-for-AI-clinical-decision-support">training on AI tools</a> have not been extensive. A vast majority of respondents (92%) expressed interest in receiving more training. They want to receive this training as part of their EHR training (49%), as they are doing their job (46%), through an online continuing education course 40%) or in a live sandbox environment (39%).</p> <p>Further, physicians want a voice in their organization's AI decisions. More than half (55%) want to be consulted on these decisions, and 30% want responsibility for implementation.</p> <p>"AI has quickly become part of everyday medical practice. Physicians see real promise in its ability to support clinical decisions and cut down on administrative burden. But as this technology advances, it is critical that augmented intelligence be designed to enhance -- not replace – physicians," said AMA CEO John Whyte, M.D., in the press release. "For doctors to trust and use these tools, they must be safe, effective, and used responsibly so they truly improve patient care."</p> <p><i>Anuja Vaidya has covered the healthcare industry since 2012. She currently covers the virtual healthcare landscape, including telehealth, remote patient monitoring and digital therapeutics.</i></p> AI utilization among U.S. physicians has doubled since 2023, but physicians highlighted the need for data privacy and validation of AI safety as key drivers of adoption in a new survey. https://cdn.ttgtmedia.com/rms/onlineimages/health%20analytics_a180336884.jpg https://www.techtarget.com/healthtechanalytics/news/366640254/Data-privacy-AI-safety-assurances-key-to-physician-adoption-of-AI Fri, 13 Mar 2026 11:47:00 GMT <p>In a further boost to the UK government’s Shared Rural Network (SRN) roll-out, a publicly funded 4G mast has gone live on the Scottish island of Islay, addressing one of Scotland’s most persistent mobile not-spots and bringing mobile service from all operators to parts of the island that previously had no signal from any operator.</p> <p>The site was built by <a href="https://www.computerweekly.com/news/366634853/EE-claims-5G-standalone-coverage-leadership">UK mobile leader EE</a>, and will deliver commercial coverage from all of the country’s mobile operators to island residents, businesses and visitors across parts of Kilchoman, Machrie, Rockside, Aruadh, Ballinaby, Smaull, Braigo, Sanaigmore, Carnduncan, Grainel, Lyrabus, Gruinart and Craigens. It also provides new coverage to 14km of roads, paths and tracks.</p> <p>For the first time, what is said to be reliable 4G from all operators is now available at key locations, including Machir Bay, Saligo Bay, Loch Gorm and Cultoon Stone Circle, as well as along the western coast of Islay. EE says this increased coverage improves safety for those travelling or working in remote areas, including seafarers and fishermen passing by and working near the island.</p> <p>Island communities have long experienced mobile coverage challenges, and addressing total not-spots is a key focus of the <a href="https://www.computerweekly.com/news/252472883/UK-government-proposes-13bn-scheme-to-improve-rural-mobile-coverage">£1.3bn Shared Rural Network (SRN) programme</a>. Launched in 2020, the SRN is a joint initiative between the government and the UK’s mobile network operators – EE and Virgin Media O2 (VMO2), as well as <a href="https://www.computerweekly.com/news/366633582/VodafoneThree-network-sharing-unlocks-significant-coverage-improvements">Three and Vodafone before their merger</a>&nbsp;– to extend 4G connectivity to 95% of the UK’s landmass by the end of 2025. The founding principle is that through both public and private investment, new and existing phone masts will be built or upgraded across the UK to close down so-called <a href="https://www.computerweekly.com/news/366558677/Stark-digital-comms-divide-between-UK-rural-and-urban-areas">rural mobile not-spots</a>.</p> <p>Under the scheme, the four operators committed to improving 4G coverage and levelling up connectivity across the UK, which has seen them invest in a shared network of new and existing phone masts, overseen by jointly owned company <a href="https://dmsluk.com/">Digital Mobile Spectrum Limited</a>. The operators’ £532m investment has been complemented by more than £501m in government funding.</p> <p>The SRN is also seeing UK government investment of £184m to upgrade extended area service (EAS) masts – originally built to support the <a href="https://www.computerweekly.com/news/366585817/CGI-selected-to-streamline-UK-ESN-programme">Emergency Services Network</a> – to provide coverage from all four mobile operators. Mobile operators have invested more than £500m to target “partial not-spots” across the UK, where customers can only access 4G if they are signed up with a mobile network operator that is active in the area.</p> <p>The new mast on Islay is located near Kilchoman, on the west of the island, and was delivered under the publicly funded total not-spot element of the SRN programme. The mast on Islay was first identified as a potential site under <a href="https://www.computerweekly.com/news/366562195/EE-fulfils-4G-coverage-commitments-in-remote-Scottish-islands">the Scottish Government’s S4GI programme</a>, which funded acquisition activities such as securing planning and landowner consents.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the SRN</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366639807/Shared-Rural-Network-scheme-hits-mast-upgrade-milestone-in-Wales">Shared Rural Network scheme hits mast upgrade milestone in Wales</a>: Latest expansion of government’s £1.3bn mobile coverage scheme sees significant expansion of mast construction in rural parts of Wales from all four UK operators.</li> <li><a href="https://www.computerweekly.com/news/366639343/UK-direct-to-device-satellite-connectivity-takes-off-with-Virgin-Media-O2">UK direct-to-device satellite connectivity takes off with Virgin Media O2</a>: Leading UK mobile operator switches on pace comms service in a move to make UK the first country in Europe to go live with direct-to-cell satellite mobile data connectivity.</li> <li><a href="https://www.computerweekly.com/news/366639281/Improved-UK-mobile-could-add-66bn-to-economy">Improved UK mobile could add £6.6bn to economy</a>: Research finds improved mobile connectivity could deliver massive annual boost to UK economy by enabling tens of thousands of new businesses.</li> <li><a href="https://www.computerweekly.com/news/366636757/UK-mobile-improves-but-digital-divides-persist">UK mobile improves but digital divides persist</a>: Mobile network analyst finds UK-wide median mobile download speed rose 15% year-on-year to 63.03Mbps in 2025, while upload speeds improved from 7.80 to 8.21Mbps.</li> </ul> </div> </div> <p>The coverage has been described as important by local business <a href="https://www.kilchomandistillery.com/">Kilchoman Distillery</a>. “I think people on the mainland take reliable 4G connectivity for granted, but we certainly don’t,” said Islay Heads, the distillery’s general manager. “From a business perspective, our visitors are now able to post reviews and photos before they leave the site, something guests often forgot to do before, as they had to wait until they had a mobile signal.</p> <p>“We can also now run live presentations and tastings from areas outside the distillery, which allows more people to see how our traditional farm distilling process works,” he added. “It makes our ability to communicate with suppliers and team members much quicker as well. In modern business, these sorts of efficiencies are important to our overall success as a local enterprise and international brand.”</p> <p>Ben Roome, CEO of SRN delivery partner <a href="https://movauk.com/our-work/rural-mobile-coverage/">Mova</a>, said: “People want a connection they can rely on, wherever they are. In less-populated, rural areas, modern 4G does that brilliantly. This site brings mobile broadband to parts of Islay that haven’t had it, making day‑to‑day life a bit easier for the people who live, work and visit.”</p> <p>The second total not-spot site follows the first <a href="https://www.computerweekly.com/news/366615656/VMO2-claims-SRN-TNS-first-in-South-Uist">going live on Uist</a>, and the December 2025 announcement of all mobile operators delivering public coverage from 100 shared EAS masts. In addition to the two total not-spots (TNS) sites live in Scotland, there are also 41 EAS Scottish sites live which make use of existing Home Office emergency services masts to support commercial coverage from all operators. More TNS and EAS sites in rural areas across Scotland are projected to go live in the coming months.</p> Latest development in £1.3bn mobile expansion scheme sees mobile not-spots reduced on Scottish island as 4G site goes live, providing coverage from all mobile operators for the first time https://cdn.ttgtmedia.com/rms/computerweekly/SRN-Islay-hero.jpg https://www.computerweekly.com/news/366640234/Shared-Rural-Network-expansion-removes-Islay-not-spots Fri, 13 Mar 2026 11:45:00 GMT <p>UK Research and Innovation (UKRI) spent £1.17bn on on research infrastructure in 2024-25, but fragmented funding and “too optimistic” business cases have led to key projects suffering delays, according to a report by the National Audit Office (NAO).</p> <p>The report on the UKRI highlights that while there has been significant improvement in oversight with a more consistent approach to funding, several areas still require improvement.</p> <p><a href="https://www.computerweekly.com/news/366639312/UKRI-sets-out-strategy-to-make-the-UK-an-AI-leader-by-2031">The UKRI</a> is sponsored by the Department for Science, Innovation and Technology (DSIT), and the department has began to take a more active role in its work and identified three broad priorities for the research and development (R&amp;D) system, according to the NAO.</p> <p>Commenting on the report, NAO head Gareth Davies said <a href="https://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/Back-to-square-one-at-DSIT-just-as-government-tech-policy-needs-to-deliver">DSIT</a> and UKRI have been “making headway on the oversight and management of research infrastructure to support strategic government priorities. But a number of key risks remain to government’s ambition for the UK to be one of the top three places in the world to create, invest in and scale-up a fast-growing technology business.”</p> <p>One of the key issues, according to the auditor, is that UKRI is not managing its research infrastructure as an integrated portfolio. “Managing projects and other activities as a portfolio allows organisations to maximise the likelihood that they achieve their intended outcomes regardless of the performance of individual components of the portfolio,” the report said.</p> <p>It added that while the organisation is trying to apply portfolio management techniques to the 30 projects part of the Infrastructure Fund, it is struggling to do so due to the “inflexibility of the funding arrangements”, which meant there limitations on moving money between projects or prioritising the most strategically important investments.</p> <p>Between November 2023 and July 2025, projects were not allowed to bring spending forward, despite knowing other projects were developing slower than planned, which resulted in an £18m underspend.</p> <p>The 30 projects have a combined expected cost of £2.04bn, and £451m had been spent by March 2025.</p> <p>The report also highlighted concerns regarding <a href="https://www.computerweekly.com/news/366627724/UK-government-plans-to-ramp-up-sovereign-computer-capacity">the UK’s supercomputing abilities</a>, warning that the country has fallen behind international competitors due to delays in replacing the ageing Archer2 system and procuring a new supercomputer. It added that there was no overarching replacement strategy until recently.</p> <p>“The UK’s supercomputers have lagged behind those available to researchers in other countries in recent years. The cost of building and operating supercomputers has increased significantly in recent years – the Next National Supercomputer is expected to cost up to £750m to build and operate for five years,” the report said.</p> <p>“Archer2’s declining performance relative to other supercomputers means it is less capable of supporting world-leading research. Additionally, it is currently expected to close 13 months before its replacement can be switched on, although UKRI believes it will be able to limit the consequences of this for researchers.”</p> <section class="section main-article-chapter" data-menu-title="Investment challenges"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Investment challenges</h2> <p>The report also underlined issues with UKRI’s business cases, particularly in the early stages. It said that in several cases, the business cases had underestimated the complexity and cost of delivering new research infrastructure.</p> <p>One project, aiming to upgrade a research aircraft, spend £46m of its £49m budget before it was decommissioned as it would not deliver all planned benefits.</p> <p>“Our review of business cases found that UKRI did not do enough initially to ensure that the projects’ delivery risk assessments were realistic, and it fixed budgets too early before costs could have been well-understood,” the report said.</p> <p>“UKRI did not initially put in place appropriate safeguards to ensure it challenged overoptimism from individual research councils – who were naturally keen to ensure that their priorities were funded.”</p> <p>Despite these issues, the report found that overall, research infrastructure across the UK is already delivering significant benefits, including medical research, biotechnology and climate science.</p> <p>However, ageing facilities and underinvestment in maintenance continue to pose a growing risk to research and innovation in the UK. Universities would require around £5.6bn to fully restore their own infrastructure, while the Science and Technology Facilities Council estimated that £360m would be needed to restore its research estate to an acceptable condition.</p> <p>A <a href="https://www.computerweekly.com/news/366623561/UKRI-must-do-more-to-drive-innovation-agenda-and-avoid-fraud">previous NAO report</a> on UKRI’s research and innovation funding, published in May 2025, also sighted a lack of coordination in how the government expects UKRI to support the delivery of a range of objectives.</p> <p>Due to the broad nature of UKRI’s activity, government departments indicate their policy priorities to UKRI through a variety of means, including ad hoc and routine meetings,&nbsp;<a href="https://www.computerweekly.com/news/366617831/UK-government-unveils-AI-fuelled-industrial-strategy">government strategies and mission statements</a>, and spending review budgets. However, the NAO reported that these are not consolidated or ranked.</p> <p>The previous report called on UKRI to establish a strong approach to understand how its work is providing a return on investment for taxpayers.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about UKRI and innovation</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366617975/Government-funding-to-help-businesses-discover-AI-value">Government funding</a>&nbsp;to help businesses discover AI value: The government is betting the bank on the power of artificial intelligence to fix the public sector, mend roads and boost the UK economy.</li> <li>The UKRI strategic framework for 2031 lays out the steps the UK needs to take to drive forward <a href="https://www.computerweekly.com/news/366639312/UKRI-sets-out-strategy-to-make-the-UK-an-AI-leader-by-2031">innovation and academic research in artificial intelligence</a>.</li> <li>OpenUK and UKRI collaboration aims to<a href="https://www.computerweekly.com/news/366633932/OpenUK-works-with-UKRI-on-open-source-guidance-for-public-sector"> boost awareness of open source initiatives</a>, community development and the procurement process.</li> </ul> </div> </div> </section> While UKRI has improved its oversight of research and innovation, funding remains fragmented and has been too slow to replace supercomputers https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/innovation-flash-idea-adobe.jpeg https://www.computerweekly.com/news/366640233/UK-falls-behind-on-supercomputing-amid-slow-investment-NAO-warns Fri, 13 Mar 2026 11:09:00 GMT <p><a href="https://www.computerweekly.com/news/366637077/Openreach-puts-a-stop-to-copper-for-another-million-UK-premises">Openreach</a> has revealed its part in a trial using its fibre broadband network to detect leaks in surrounding water pipes, which is said to have already prevented the loss of two megalitres of water in three months, the equivalent to the daily use of around 10,000 people.</p> <p>Leakages are one of the biggest challenges for firms such as <a title="https://url.us.m.mimecastprotect.com/s/y5A8C1wY98hkVYnRVHpiwSVycZS?domain=urldefense.com" href="https://www.affinitywater.co.uk/home">Affinity Water</a>. Daily leaks of three billion litres of treated water in England and Wales are said to <a href="https://discoverwater.co.uk/leaking-pipes">equate to the daily water usage of more than 20 million people</a>, and, according to water regulator <a href="https://www.ofwat.gov.uk/households/supply-and-standards/leakage/">Ofwat</a>, around one-fifth of the country’s water supply. Affinity Water, along with the rest of the UK’s water industry, has committed to halving leakage levels by 2050.</p> <p>Openreach says the appeal of the project is its simplicity and scale: it uses fibre already in the ground, applies machine learning to “listen” for leaks in nearby pipes, and pinpoints issues to within a few metres. The pilot sees utility provider Affinity Water&nbsp;and UK technology company&nbsp;<a title="https://url.us.m.mimecastprotect.com/s/5WVlC2kg95iRMwKjMf2sXS5fQel?domain=urldefense.com" href="https://www.lightsonic.ai/">Lightsonic</a> use Distributed Acoustic Sensing to convert Openreach’s fibre optic cables into thousands of sensors that can “hear” and pinpoint leaks from surrounding water pipes.</p> <p>DAS technology works by detecting changes in the light signal used in fibre optic cables caused by vibrations from a leak or disturbance in surrounding networks. It uses machine learning to locate the exact point of the vibration, and it trains the system to separate background noise – like the rumble of traffic or roadworks, so that leaks stand out clearly – even in busy streets.</p> <p>The fibre-optic leak detection platform was developed by Lightsonic, and is currently being piloted in five locations in the south of England – Walton-on-Thames, Hemel Hempstead, Luton, Chesham/Amersham and Ware – using <a href="https://www.computerweekly.com/news/366637077/Openreach-puts-a-stop-to-copper-for-another-million-UK-premises">Openreach’s full-fibre broadband footprint</a> to monitor 650km of Affinity Water’s network. The technology is said to have big advantages over conventional detection methods, namely continuous monitoring; no need to dig pipework; targeted identification; reduced disruption; and scalability.</p> <p>Existing leakage detection relies on targeted surveys and skilled field teams working systematically across the network. By contrast, fibre sensing complements this approach by providing 24/7 monitoring, so leaks can be spotted sooner and reduce the time between surveys. The technique uses fibre that’s already in the ground, making it cheaper, quicker and more environmentally friendly.</p> <p>The system is said to have the ability to recognise the unique acoustic “signature” of a potential leak, highlighting an area to investigate – often to within a few metres, so repair teams are directed to the right spot.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about connectivity in utilities</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366621374/Honeywell-taps-Verizon-5G-to-modernise-energy-grid-and-utility-management">Honeywell taps Verizon 5G to modernise energy grid and utility management</a>: Connected smart utility meters to enable remote and autonomous utility management capabilities designed to improve energy efficiency, grid resiliency and operational effectiveness for utility companies.</li> <li><a href="https://www.computerweekly.com/news/366549754/Baicells-delivers-LTE-connectivity-with-Tohono-Oodham-Utility-authority">Baicells delivers LTE connectivity with Tohono O'odham Utility authority</a>: Arizona-based tribal&nbsp;community based around small and remote villages teams up with network equipment vendor to deploy an LTE network to gain access to emergency services, telehealth and remote learning.</li> <li><a href="https://www.computerweekly.com/news/366638922/Direct-to-device-connectivity-set-to-underpin-next-generation-of-industrial-IoT">Direct-to-device connectivity&nbsp;set to underpin next generation of industrial IoT</a>: Research from satellite comms firm finds D2D connectivity will underpin the next generation of industrial internet of things, with almost all IoT decision-makers set to adopt the technology in the next 18 months.</li> <li><a href="https://www.computerweekly.com/news/252505050/UK-broadband-trial-investigates-connectivity-through-water-pipes">UK broadband trial to investigate connectivity through water pipes</a>: Government-backed scheme to target broadband for hard-to-reach homes with fibre optic cables fed through utility mains, businesses and mobile masts without digging up roads.</li> </ul> </div> </div> <p>As a result of the system, Openreach says that operators can identify leaks earlier, and water companies can address them before they cause significant disruption, cutting emergency call-outs, and minimising impact on customers and road users. Furthermore, using the national reach of Openreach’s fibre network means the system can be scaled up across the UK.</p> <p>In its first locations, and in just three months, the fibre-sensing technology was said to have allowed Affinity Water to locate more than 100 leaks, saving two million litres of water a day, equivalent to more than 700 million litres every year – enough to supply around 10,000 people.</p> <p>In addition to preventing leaks and enabling earlier detection, Openreach also believes the technology can result in less disruption and a lower‑carbon way to tackle leakages.</p> <p>“The results of our pilot show that our new full-fibre infrastructure can deliver value far beyond broadband – and could prove to be a real game-changer in solving real-world challenges like water conservation,” said Trevor Linney, director of network technology for Openreach.</p> <p>“Around 20% of the UK’s drinking water is lost to leaks, with water conservation a significant and growing issue for the nation,” he added. “What’s great about this technology is that it can be used to detect a whole range of things – from gas leaks to monitoring the health of big structures like bridges and tunnels. It has huge potential.”</p> <p>James Curtis, head of leakage at Affinity Water, added: “Strengthening how we identify and address leaks is central to our leakage strategy. We’re enhancing our existing detection programme with continuous network monitoring, helping our teams target areas of interest more quickly and reduce the time leaks may run before repair. This technology complements the expertise of our field technicians, supporting earlier intervention, better planning and reduced disruption for customers.”</p> <p>“Transforming the telecom fibre-optic network into a continuous sensing layer unlocks entirely new ways to monitor utilities,” said Lightsonic CEO Tommy Langnes. “Detecting two megalitres per day shows what’s possible when fibre sensing solutions and existing infrastructure are combined at scale. This collaboration demonstrates how fibre sensing can deliver measurable environmental impact today, while creating solutions for wider utility monitoring in the future.”</p> UK’s leading broadband provider embarks on test of fibre‑optic leak‑detection system designed to turn cables into thousands of virtual sensors, claiming over two million litres of water saved each day https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/water-taps-basins-utilities-slonme-adobe.jpg https://www.computerweekly.com/news/366640252/Openreach-trials-pioneering-fibre-optic-water-leak-detection Fri, 13 Mar 2026 10:45:00 GMT <div> <p paraeid="{d62cf761-806a-4660-9f67-c20ba3ed9d63}{172}" paraid="1618136971"><span xml:lang="EN-US" data-contrast="auto">As on-campus colleagues share the technology dilemmas keeping their educational institutions from advancing into the future, one point&nbsp;frequently&nbsp;comes up: "How do we do AI -- enterprise AI -- when we already have full</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">time jobs running campuses? Where do we find the time to implement cutting</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">edge practices?"</span></p> </div> <div> <p paraeid="{d62cf761-806a-4660-9f67-c20ba3ed9d63}{202}" paraid="1698186590"><span xml:lang="EN-US" data-contrast="auto">To understand why&nbsp;we're&nbsp;so busy today, it helps to revisit the 1990s and early 2000s, when higher education faced a decline in government support and an increasing dependence on tuition. Colleges and universities were constantly told to "trim the fat" and to run like a business -- to increase revenue, control expenses and somehow do more with less.</span></p> </div> <div> <p paraeid="{d62cf761-806a-4660-9f67-c20ba3ed9d63}{240}" paraid="1977169394"><span xml:lang="EN-US" data-contrast="auto">Technology vendors were delighted to frame this as a pain point and promised wonders. They&nbsp;frequently&nbsp;promised that moving online would generate&nbsp;huge numbers&nbsp;of paying students with no increase in cost.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{11}" paraid="959124364"><span xml:lang="EN-US" data-contrast="auto">As a result, higher education began a massive technology spend that increased year over year. Campuses tended to follow the vendors' lead and what they offered. Departments bought tools to solve immediate local problems. Central IT was pulled into the roles of security guard and maintenance crew -- necessary work, but it was rarely empowered to do coordinated enterprise design.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{53}" paraid="1481423104"><span xml:lang="EN-US" data-contrast="auto">On most campuses, the majority of time and resources are consumed not by innovation&nbsp;but by the maintenance of a&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/searchitoperations/definition/What-is-tool-sprawl-Explaining-how-IT-teams-can-avoid-it"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">sprawling</span></span></a><span xml:lang="EN-US" data-contrast="auto">, uncoordinated technology ecosystem&nbsp;--&nbsp;systems that were acquired in response to local needs, funded through local budgets, justified in local language&nbsp;and then quietly stitched together with human labor.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{87}" paraid="1495393736"><span xml:lang="EN-US" data-contrast="auto">In many ways,&nbsp;we're&nbsp;still paying the bill for the software age in the form of meetings, workarounds, integrations, shadow processes, manual reconciliations, data silos, conflicting&nbsp;definitions&nbsp;and the ever</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">popular mindset of "we've always done it this way."</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{105}" paraid="75043510"><span xml:lang="EN-US" data-contrast="auto">The core of this software</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">age strategy&nbsp;wasn't&nbsp;to design an enterprise. It was to buy a tool. We treated technology as products rather than as services embedded in an institutional operating model.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{155}" paraid="956565093"><span xml:lang="EN-US" data-contrast="auto">We created stacks of bricks.</span></p> </div> <div> <h2 paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{165}" paraid="181845345" aria-level="2" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 2">Characteristics of the software age</span></span></h2> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{172}" paraid="1786125885"><span xml:lang="EN-US" data-contrast="auto">A stack of bricks looks impressive until the weather hits. A brick wall is resilient because it has mortar -- design, standards, ownership, governance, maintenance and, most importantly, shared intent.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{204}" paraid="1751024534"><span xml:lang="EN-US" data-contrast="auto">In higher ed, our mortar was often missing. We bought good bricks. We even bought expensive bricks. But without enterprise mortar, every&nbsp;additional&nbsp;brick creates more surface area to&nbsp;maintain&nbsp;and more seams where problems show up.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{218}" paraid="736085815"><span xml:lang="EN-US" data-contrast="auto">That's&nbsp;the hidden answer to the time question: every&nbsp;unmortared&nbsp;brick becomes someone's meeting, spreadsheet,&nbsp;workaround&nbsp;and weekend.</span></p> </div> <div> <p paraeid="{356b810d-2f11-45f5-833a-57876861a7be}{240}" paraid="860395058"><span xml:lang="EN-US" data-contrast="auto">Another defining characteristic of the software age is we often used technology to replicate existing practices -- digitally -- rather than reimagine them. The goal was to do the same thing with a new interface.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{11}" paraid="45538093"><span xml:lang="EN-US" data-contrast="auto">That approach will fail us in the AI age.</span></p> </div> <div> <h2 paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{21}" paraid="310462629" aria-level="2" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 2">The AI age</span></span></h2> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{28}" paraid="1545263902"><span xml:lang="EN-US" data-contrast="auto">AI is not simply "software, but smarter."&nbsp;It's&nbsp;an accelerant. It amplifies whatever system you feed it: your processes,&nbsp;culture,&nbsp;governance,&nbsp;data&nbsp;quality&nbsp;and&nbsp;coordination&nbsp;--&nbsp;or lack of it. If your&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/searcherp/feature/5-conditions-for-durable-enterprise-AI"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">institutional pattern is fragmentation</span></span></a><span xml:lang="EN-US" data-contrast="auto">, AI will enthusiastically scale fragmentation. If your pattern is aligned practice, AI will scale that.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{76}" paraid="220197190"><span xml:lang="EN-US" data-contrast="auto">Look at many current AI conversations. We spend our oxygen trying to bend the tool to fit last decade's workflows, instead of asking, "How do we use this to advance student learning and institutional performance?" We drown substantive questions in side</span><span xml:lang="EN-US" data-contrast="auto">&nbsp;</span><span xml:lang="EN-US" data-contrast="auto">quests. Even legitimate concerns, such as integrity, can become a way of avoiding the deeper work: redesigning practice so the institution serves students better.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{134}" paraid="422557505"><span xml:lang="EN-US" data-contrast="auto">If the AI age becomes the "software age, but with chat," we will simply add another stack of bricks and call it transformation.</span></p> </div> <div> <h2 paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{144}" paraid="1176806566" aria-level="2" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 2">But where do we find the time?</span></span></h2> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{153}" paraid="1660903696"><span xml:lang="EN-US" data-contrast="auto">Unfortunately, there is no magic time locker. This is a matter of priorities and operating model.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{167}" paraid="1479129300"><span xml:lang="EN-US" data-contrast="auto">Strangely, when a crisis occurs, we find time. We cancel meetings. We reprioritize. We move money. We make decisions. We do the work. So, when we say, "I'm too busy," we are often saying something more specific: "This is not a priority high enough to displace other priorities."</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{177}" paraid="1776870599"><span xml:lang="EN-US" data-contrast="auto">If you want to infuse AI into your campus, you must make it a priority -- at all levels across the institution, not just in one office or one committee. And the priority must be realistic.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{197}" paraid="89428605"><span xml:lang="EN-US" data-contrast="auto">AI technology is changing rapidly, but an enterprise strategy does not arrive in a single year. Think in terms of a five</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">year strategy. If you try to force an enterprise transformation into a single budget cycle,&nbsp;you'll&nbsp;get what higher education is famous for: a pilot that becomes permanent, a tool that becomes policy and a committee that becomes a substitute for a decision.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{215}" paraid="799166763"><span xml:lang="EN-US" data-contrast="auto">The goal is not speed. The goal is direction,&nbsp;alignment&nbsp;and sustained momentum.</span></p> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{225}" paraid="2031361395"><span xml:lang="EN-US" data-contrast="auto">Here's&nbsp;my recommended list for how to bring about an enterprise AI deployment in manageable steps:</span></p> </div> <div> <h3 paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{239}" paraid="674809666" aria-level="3" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">Treat AI as a capability, not a procurement</span></span></h3> </div> <div> <p paraeid="{bc1300c6-26f4-49e1-b974-641bb9d0bd3c}{248}" paraid="2139826639"><span xml:lang="EN-US" data-contrast="auto">Understand that this will take time, and trying to force it will create backlash.&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/searchenterpriseai/feature/QA-Prioritize-AI-adoption-while-safeguarding-human-skills"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">AI is not something you&nbsp;</span><span data-ccp-charstyle="Hyperlink">install</span></span></a><span xml:lang="EN-US" data-contrast="auto">.&nbsp;It is a set of capabilities you cultivate and govern, and it includes data readiness, process readiness, policy readiness, talent&nbsp;readiness&nbsp;and cultural readiness.</span></p> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{25}" paraid="2096468186"><span xml:lang="EN-US" data-contrast="auto">Yes, you will buy tools. But tools are downstream of intent. Tools come and go. Capabilities compound. If your AI strategy sounds like a shopping list, however, you are repeating the software age.</span></p> </div> <div> <h3 paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{41}" paraid="1446208076" aria-level="3" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">Plan the institution, not the technology</span></span></h3> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{50}" paraid="424309851"><span xml:lang="EN-US" data-contrast="auto">What do you want and need your institution to be in five years? What student experiences matter most? What administrative functions must become faster,&nbsp;clearer&nbsp;and more humane? What outcomes define success for your campus -- retention, completion, learning quality, affordability, staff sustainability, research&nbsp;capacity&nbsp;and compliance confidence?</span></p> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{72}" paraid="1004546002"><span xml:lang="EN-US" data-contrast="auto">Only after you can answer those questions should you choose where AI fits.</span></p> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{78}" paraid="654601717"><span xml:lang="EN-US" data-contrast="auto">To make the plan effective, it must include&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/searchenterpriseai/feature/Leading-AI-with-ethics-The-new-governance-mandate"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">culture and governance</span></span></a><span xml:lang="EN-US" data-contrast="auto">, but that does not mean a new bureaucracy whose job is to decide yes or no. It means the decision</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">making system that helps the institution make the right choices, say no to&nbsp;misalignment&nbsp;and avoid tool sprawl.</span></p> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{104}" paraid="203248440"><span xml:lang="EN-US" data-contrast="auto">In the AI age, governance is not a brake.&nbsp;It's&nbsp;your steering wheel.</span></p> </div> <div> <h3 paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{118}" paraid="1698262868" aria-level="3" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">Build enterprise AI as a transition, not a rip</span></span><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">‑</span></span><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">and</span></span><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">‑</span></span><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">replace fantasy</span></span></h3> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{133}" paraid="750594876"><span xml:lang="EN-US" data-contrast="auto">Realize that you are transitioning from a software</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">age ecosystem that is fragmented, tool</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">centric and silo</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">heavy to an AI</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">age operating model that is capability</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">centric,&nbsp;governed&nbsp;and coherent.</span></p> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{169}" paraid="189235018"><span xml:lang="EN-US" data-contrast="auto">That means&nbsp;sequencing&nbsp;matters. You will not fix everything at once, and you should not try. Choose a small set of high</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">value&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/searchenterpriseai/post/The-role-of-AI-and-humanics-in-training-healthcare-professionals"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">use cases that matter to the institution</span></span></a><span xml:lang="EN-US" data-contrast="auto">, that can be governed&nbsp;and that force you to build enterprise muscles&nbsp;you'll&nbsp;need later&nbsp;--&nbsp;identity, data access patterns, security, model evaluation, change management&nbsp;and process redesign.</span></p> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{207}" paraid="1658621657"><span xml:lang="EN-US" data-contrast="auto">A well</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">chosen use case pays twice: it delivers value now and builds infrastructure for the next 10 projects.</span></p> </div> <div> <h3 paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{225}" paraid="1387768081" aria-level="3" role="heading"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-parastyle="heading 3">Don't</span><span data-ccp-parastyle="heading 3">&nbsp;do it alone</span></span></h3> </div> <div> <p paraeid="{5e998c76-ab28-4168-b5db-74544908be24}{234}" paraid="484571340"><span xml:lang="EN-US" data-contrast="auto">Peers and colleagues can help you understand what you need. Consortia can reduce duplicated effort. Seek out discussions among institutions on how best to approach AI.&nbsp;Shared playbooks can help you avoid the software age traps. And internal partnerships -- IR, IT, academic affairs, student success, finance, legal, accessibility and faculty -- are not optional. In the AI age, the work is cross</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">functional by design. If one office owns AI, you have already lost.</span></p> </div> <div> <p paraeid="{170d5a70-2280-430d-8249-f1370f8e469f}{31}" paraid="1891403835"><span xml:lang="EN-US" data-contrast="auto">What you want is&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.techtarget.com/searchcio/tip/No-more-AI-silos-The-CIO-integration-playbook"><span xml:lang="EN-US" data-contrast="none"><span data-ccp-charstyle="Hyperlink">shared ownership with clear roles</span></span></a><span xml:lang="EN-US" data-contrast="auto">, with enough decentralization to encourage adoption&nbsp;and&nbsp;enough central coordination to prevent chaos.</span></p> </div> <div> <p paraeid="{170d5a70-2280-430d-8249-f1370f8e469f}{55}" paraid="201523555"><span xml:lang="EN-US" data-contrast="auto">The solution is to treat AI as an enterprise priority and an operating model shift -- backed by governance and a five</span><span xml:lang="EN-US" data-contrast="auto">‑</span><span xml:lang="EN-US" data-contrast="auto">year plan -- rather than as another round of tool buying.</span></p> </div> <div> <p paraeid="{170d5a70-2280-430d-8249-f1370f8e469f}{83}" paraid="658722153"><span xml:lang="EN-US" data-contrast="auto">That's&nbsp;how you avoid repeating the mistakes of the software age.&nbsp;It's&nbsp;how you stop manufacturing busy, and it is how you build a campus that can absorb the future without breaking in the process.</span></p> </div> <div> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/clougherty_robert-f.jpg" alt="Roberty Clougherty" width="134" height="134">Roberty Clougherty </div> <p paraeid="{170d5a70-2280-430d-8249-f1370f8e469f}{115}" paraid="693106799"><em><span xml:lang="EN-US" data-contrast="auto">Robert Clougherty is the AI Strategy and Innovation lead at the&nbsp;</span><a rel="noreferrer noopener" target="_blank" href="https://www.afithighered.com/"><span xml:lang="EN-US" data-contrast="none">Alliance for Innovation &amp; Transformation (AFIT),</span></a><span xml:lang="EN-US" data-contrast="auto"> a nonprofit association that empowers higher education institutions to transform their organizations.</span></em></p> </div> Higher education must prioritize enterprise AI as a strategic shift, not just tool buying. Learn how governance, alignment and a five-year plan can transform institutions. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a377464305.jpg https://www.techtarget.com/searchenterpriseai/post/Time-for-AI-The-too-busy-problem-is-a-software-age-hangover Fri, 13 Mar 2026 10:18:00 GMT <p>The job of the security operations center professional isn't getting any easier. SOC teams continue to grapple with skills gaps, an overwhelming influx of security alerts and daunting resource constraints. Meanwhile, IT environments have grown increasingly complex, compounded by multi-cloud strategies, highly scalable deployments and evolving cybersecurity threats.</p> <p>Many CISOs and IT decision-makers are confronting these challenges by embracing tools that help security teams control and optimize incident responses using advanced detection and remediation. One such technology is <a href="https://www.techtarget.com/searchsecurity/definition/SOAR">SOAR</a>, or <i>security orchestration, automation and response</i>, which comprises a stack of technologies designed to automate and coordinate incident response, threat identification and routine operations.</p> <p>Using predefined automated workflows and playbooks to execute repetitive tasks and validate security configurations, SOAR can lighten the load for security teams.</p> <section class="section main-article-chapter" data-menu-title="More incidents, more complexity: The case for SOAR"> <h2 class="section-title"><i class="icon" data-icon="1"></i>More incidents, more complexity: The case for SOAR</h2> <p>The sophistication and volume of security incidents continue to rise as enterprise environments become more complex. Consider the current landscape: Multivector and AI-fueled cyberattacks are common, attack frequency has <a target="_blank" href="https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/" rel="noopener">doubled</a> compared to pre-pandemic levels, and financial losses are <a target="_blank" href="https://cybersecurityventures.com/official-cybercrime-report-2025/" rel="noopener">expected</a> to rise from about $10.5 trillion in 2025 to over $12.2 trillion in 2031. Enterprise reliance on multi-cloud, hybrid cloud, edge and IoT deployments contributes to the complexity and increases the attack surface. Expanding <a href="https://www.techtarget.com/searchSecurity/tip/Data-sovereignty-compliance-challenges-and-best-practices">compliance requirements</a> also complicate configurations and incident handling.</p> <p>All this leaves CISOs and IT leadership wondering how security staff can realistically handle the escalating workload. With overworked SOC teams chasing <a href="https://www.techtarget.com/searchsecurity/tip/How-to-reduce-false-positive-alerts-and-increase-cybersecurity">false positive alerts</a> and lacking the resources to address them, organizations will experience response delays and inefficient mitigation processes, which could result in vulnerabilities or breaches.</p> <p>This is where SOAR comes in. By automating and orchestrating incident response and centralizing incident management, SOAR platforms help teams address a host of IT security challenges. For example, when integrated into security operations, SOAR can alleviate alert <a href="https://www.techtarget.com/whatis/definition/alert-fatigue">overload and fatigue</a>, improve alert prioritization, reduce human error and ensure consistency. It thereby helps SOC teams minimize the impact of skills gaps and staff shortages. Additionally, the reports generated by SOAR platforms provide information to aid human responders and speed decision-making.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-benefits_and_drawbacks_soar_tools-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-benefits_and_drawbacks_soar_tools-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-benefits_and_drawbacks_soar_tools-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-benefits_and_drawbacks_soar_tools-f.png 1280w" alt="A two-column chart listing the benefits and drawbacks of SOAR tools" height="489" width="560"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Core components of SOAR"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Core components of SOAR</h2> <p>SOAR deployments typically consist of the following elements:</p> <ul class="default-list"> <li><b>Event management.</b> Event ingestion, correlation and enrichment engine.</li> <li><b>Ecosystem alignment.</b> Integration of SIEM, endpoint detection and response (<a href="https://www.techtarget.com/searchsecurity/definition/endpoint-detection-and-response-EDR">EDR</a>), firewalls, threat intelligence platforms and APIs for external security tools.</li> <li><b>Procedure development.</b> Automated incident response and remediation workflows and playbooks.</li> <li><b>Monitoring and reporting.</b> Monitoring dashboards and reporting features that offer SOC teams a clear, up-to-date view of current incidents and potential issues.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="What are SOAR workflows and playbooks?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are SOAR workflows and playbooks?</h2> <p>SOAR workflows and playbooks are similar but not the same. Some vendors, however, use the terms interchangeably.</p> <p>SOAR workflows are automated sequences of steps executed by a SOAR platform to perform a specific task in an IT system. Playbooks are complete sets of incident response procedures that often contain multiple workflows.</p> <p>Consider a phishing attack. A SOAR workflow would do the following:</p> <ul class="default-list"> <li>Receive an alert about an email containing potentially malicious content from an email security gateway or other related tool.</li> <li>Extract URLs and attachments from the suspicious email.</li> <li>Enrich the alert with threat intelligence data.</li> <li>Assign threat indicators a risk level.</li> <li>Send an alert to the security team.</li> </ul> <p>A SOAR playbook containing multiple workflows would do the following:</p> <ul class="default-list"> <li>Analyze the email (as outlined above).</li> <li>Trigger a remediation -- for example, <a href="https://www.techtarget.com/searchsecurity/tip/Allowlisting-vs-blocklisting-Benefits-and-challenges">blocklist</a> the IP address of the sender.</li> <li>Alert the user about the phishing attempt.</li> <li>Trigger follow-up investigations and remediations -- for example, search other users' email inboxes and remove the malicious email.</li> <li>Send an alert to the security team.</li> <li>Create a report about the incident.</li> </ul> <p>Playbooks cover various scenarios, including configuration security, resource access, configuration validation and vulnerability management. Potential use cases range from <a href="https://www.techtarget.com/searchsecurity/tip/How-to-prevent-and-protect-against-ransomware">ransomware containment</a> to <a href="https://www.techtarget.com/searchsecurity/tip/Insider-threat-hunting-best-practices-and-tools">insider threat investigations</a>. CISOs must evaluate how well each scenario aligns with the organization's security and regulatory compliance requirements.</p> <p>The details of SOAR workflows and playbooks will vary by incident, deployed SOAR tools and the degree of automation versus human oversight.</p> </section> <section class="section main-article-chapter" data-menu-title="How to adopt SOAR"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to adopt SOAR</h2> <p>Adopting SOAR involves the following implementation stages:</p> <ul class="default-list"> <li>Assess the organization's current cybersecurity maturity level, <a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">incident response processes</a> and SOC workflows.</li> <li>Define clear objectives with measurable goals.</li> <li>Identify the operational issues the SOAR platform should solve. Focus on high-volume, repetitive alerts based on <a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them">common incidents and threats</a>.</li> <li>Assess the organization's current security stack to identify needed integrations.</li> <li>Select a SOAR platform that fits the organization's needs and integrate it into existing systems.</li> <li>Design SOAR workflows and playbooks.</li> <li>Test and refine automated workflows and playbooks based on incident priority with the goal of reducing the security staff's workload.</li> <li>Train <a href="https://www.techtarget.com/searchsecurity/tip/How-to-build-a-cybersecurity-team-to-maximize-business-impact">analysts and other team members</a> to ensure a positive ROI.</li> <li>Deploy SOAR into production. Start small and scale from there.</li> <li>Build metrics and continuous improvement into the deployment. Monitor and optimize workflows and playbooks when threats evolve, processes change or whenever needed.</li> </ul> <p>A successful SOAR deployment can help SOCs overcome limited resources, skills gaps, disparate technologies, complex compliance requirements and alert fatigue. Putting SOAR near the top of the security to-do list will strengthen the organization's security posture and free teams to focus on what matters most -- strategic threat analysis, incident investigation, innovation and growth.</p> <p><em>Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial, The New Stack and CompTIA Blogs.</em></p> </section> Through their automated workflows and playbooks, SOAR platforms help SOC teams overcome limited resources, skills gaps and alert fatigue. https://cdn.ttgtmedia.com/rms/onlineimages/iot_a253400028.jpg https://www.techtarget.com/searchsecurity/tip/Streamline-SecOps-with-SOAR-workflows-and-playbooks Fri, 13 Mar 2026 10:00:00 GMT 60 webmaster@techtarget.com