CIO CIO

The rebranding of business intelligence (BI) platform vendor MicroStrategy that will see the firm aggressively plug Bitcoin comes with significant risks as a result of the digital currency’s “volatility and the regulatory uncertainties surround the cryptocurrency market,”  an industry analyst said Thursday. The organization will now be known as Strategy, and, according to a release, as well as focusing on BI, it will also be “the world’s first and largest Bitcoin Treasury Company.” In addition, it introduced a new logo that “includes a stylized ‘B,’ signifying the company’s Bitcoin strategy,” as well as a new merchandise store. Melody Brue, vice president and principal analyst at Moor Insights & Strategy, said, “the rebranding reflects the company’s commitment to integrating Bitcoin as a core aspect of its identity and future direction, shifting the company from a purely software-focused entity into a hybrid investment vehicle combining software and Bitcoin.” source

Cybersecurity consistently ranks as the top concern among CIOs worldwide, but despite the high priority they place on ensuring their environments are safe from cybercriminals and hackers, only about one-third (35%) of IT organizations have implemented a comprehensive cyber recovery plan, according to PwC’s 2025 Global Digital Trust Insights report. This gap between awareness and preparedness leaves organizations vulnerable, especially as cyber threats grow increasingly sophisticated. To bridge this critical gap, IT leaders should focus on the five S’s —speed, security, scale, simplicity, and smarts — to strengthen their cybersecurity and response capabilities. Understanding and implementing these five S’s can mean the difference between a cyberattack causing a minor hiccup in business operations versus a multi-week disruption that costs millions. The cost of delay: Why speed matters The stakes couldn’t be higher when it comes to recovery speed. According to ITIC’s 2024 Hourly Cost of Downtime Survey, 90% of mid-size and large enterprises face costs exceeding $300,000 for each hour of system downtime. Despite these staggering figures, many organizations remain unprepared and struggle to achieve rapid recovery times in the aftermath of an event, in part due to fragmented tools built atop older, traditional file systems. The first order of business is to understand exactly what happened in the wake of a destructive cyber-attack. Without a clear, unified view of the infrastructure, that’s going to take a lot of time. And when the business is down due to an IT failure, there’s no time to lose. The patchwork nature of traditional data management solutions makes testing response and recovery plans cumbersome and complex. As a result, when an actual attack occurs, these complications often prevent proper execution of the response and recovery plan. To address these challenges, organizations need to implement a unified data security and management system that delivers consistent backup and recovery performance. Such systems should include global search capabilities for quick resource identification and automated verification of backup recoverability. After successfully removing the root cause of the attack, the ability to restore hundreds, or even thousands, of virtual machines quickly is essential. Security: Protecting your backups is the last line of defense As ransomware and malware evolve, attackers increasingly target backup systems — traditionally considered the last line of defense. This trend has forced organizations to fundamentally rethink their approach to backup security. According to Foundry’s 2024 Security Priorities study, protecting confidential and sensitive data remains the number one security priority for CIOs. Modern security architectures deliver multiple layers of protection. Regarding encryption, IT should employ TLS for data in transit and AES-256 encryption for data at rest. A zero trust architecture supported by multi-factor authentication (MFA), separation of duties and least privilege access for both machines and roles will help prevent unauthorized users and machines from accessing the environment. Administrators should also harden their platform regularly, by applying patches and upgrades as they are published by their vendors. Concerning data recovery, a fault-tolerant backup infrastructure ensures that backups both occur as expected and are in a recoverable state. After malware has encrypted critical data, no one wants to discover that recoverable backups don’t exist. Additionally, cybercriminals now employ malware that specifically targets backups, so it’s important to ensure that backups live in immutable storage, which prevents malicious encryption. Many organizations use a cyber vault for additional resilience. This vault stores an immutable copy of data that’s isolated from other copies. This further reduces your risk in the event of a destructive cyber-attack. Scaling for tomorrow’s challenges Traditional secondary storage infrastructures usually grow organically, resulting in disparate systems that require individual provisioning, configuration, and management for each silo. This fragmentation not only creates security vulnerabilities but also prevents efficient scaling. The solution lies in implementing a unified platform for multiple data sources that is capable of supporting all of their data sources. Start by backing up virtual machines, physical servers, and enterprise systems of record that store your most sensitive information. You’ll also want to secure and protect data stored in the cloud, and in your SaaS applications. Do a thorough evaluation of supported data sources here – you probably need to secure and protect data from more systems than you think. It’s common for an enterprise to have over 400 different sources. Such systems should provide a single management console across all environments. In brief, enterprises need wide, broad, robust support through a single platform for all their hundreds of data sources.  Complexity remains the common thread underlying most cybersecurity and data management challenges. Overly complex storage, security, and backup systems kill efficiency, create overlooked security vulnerabilities, and make data difficult to locate and identify. Organizations need to move away from the traditional approach of bolting security onto existing systems. Instead, they should seek unified data systems with API-first architectures that facilitate seamless integration and unified management. The AI advantage: Adding smarts to security Attackers are using AI to increase the specificity, sophistication and scale of their attacks, but, thankfully, AI can also provide powerful tools for enterprise security. Modern AI-driven security systems excel at detecting malware, ransomware and anomalies that could be the result of a breach. AI can gather and analyze threat intelligence that enables IT and security teams to take proactive action against future threats. AI can also automatically classify data so that it’s appropriately tiered for the level of protection required, and it can improve capacity planning and optimization to ensure that IT always has the infrastructure it needs to protect and secure sensitive data. Cohesity’s multi-cloud data management platform enables organizations to achieve significant improvements across all five S’s. In terms of speed, organizations have achieved 45% faster backups and 10 times faster data recovery. Security improvements have resulted in $2 million savings on cyber insurance costs, with many customers avoiding ransom payments entirely following attacks. The platform’s scalability has enabled management of billions of objects across multiple nodes, and it makes management so simple, enterprises have been able to manage 63% more VMs per FTE. AI-driven smarts have delivered

“I ask leading questions,” he says. “‘Did you think of x, y, and z? What about this?’ This will not only get your team thinking about the right things; it will also get you the answers you need.” 8. Be smart about AI “It is critical for IT leaders to become more decisive about their company’s AI strategy,” says Dr. Kjell Carlsson, head of AI strategy at Domino Data Lab. Many tech leaders struggle with this because, as Ringdahl explains it, they lack confidence in this area. “They don’t have a background or experience in AI and ML,” says Carlsson. These decisions, though, according to Carlsson, need to come from IT leaders. “They need to make effective decisions about investments in AI and ML capabilities and which AI use cases to prioritize, for the firm to have any hope of being able to drive meaningful impact with AI.” As with most decisions, building your foundational knowledge helps here, too. “The key to success lies in recognizing that AI has plenty of similarities to the waves of data-oriented technologies that have gone before,” he says. “The specifics differ but the key questions that need to be asked and answered to guide these initiatives are largely the same.”  How will it be implemented? What resources are needed? What are the risks? How will it be governed? “Only the senior executive can ensure these questions get answered,” he says. “It is incumbent on them to validate that these answers hold water.” source

“This has been met with anger and annoyance, but we have only seen a handful decide that they will take the short-term pain, sign up for a multi-year renewal, then start to plan their migration away from VMware technology,” Thompson adds. In the end, VMware isn’t a good comparison to mainframes because it’s possible to find other options, even if the migration can be expensive, adds Ferris Ellis, CEO at software solutions provider Urban Dynamics. Large VMware customers seeing huge price increases may be able to justify the time and complexity of a migration, he says. “Mainframes have much stronger lock-in for the software running on them,” he says. “They force a deep-rooted dependency on their proprietary hardware and platform for the workloads they run. The workloads on any VM platform, VMware or otherwise, have little concept of which platform they’re on — that’s part of the value of a VM platform.” source

Artificial intelligence (AI)-enabled systems are driving a new era of business transformation, revolutionizing industries through prescriptive analytics, personalized customer experiences and process automation. From manufacturing to healthcare and finance to defense, AI enhances efficiency, decision-making and operational agility, providing organizations a competitive edge in an increasingly data-driven world. Its processing of vast datasets enables supply chain precision, life-saving diagnostics and hyper-personalized consumer interactions, fostering scalability and innovation.  However, as AI adoption accelerates, organizations face rising threats from adversarial attacks, data poisoning, algorithmic bias and regulatory uncertainties. Without robust security and governance frameworks, unsecured AI systems can erode stakeholder trust, disrupt operations and expose businesses to compliance and reputational risks.  Senior executives are challenged with securing AI, aligning initiatives with governance frameworks and fortifying business resilience. Organizations can unlock AI’s full potential by proactively addressing security, ethics and operational challenges while ensuring transparency, reliability and long-term sustainability.  source

Security and IT operations (SecOps) teams face serious fatigue dealing with rapidly evolving threats. Traditional vulnerability management requires too much manual investigation before finding a fix. SecOps teams can take weeks and even months to review documentation, make recommendations, and coordinate vulnerability patches. That’s a lot of time for an attacker to exploit vulnerabilities and potentially compromise your organization’s systems and data. The real problem is most security teams don’t have enough knowledge about what’s running in their IT and DevOps environments to understand, prioritize, and fix critical vulnerabilities. When the list of vulnerabilities gets passed onto the IT operations and DevOps teams, they often don’t know how to remediate the vulnerability. These teams need to manually search and investigate the proper remediation steps. How agentic AI can help Generative AI and agentic AI can help SecOps teams transform their approach to vulnerability management. BMC’s State of GenAI and Agentic AI for IT report found: 49% of respondents want AI to detect, prioritize, and resolve vulnerabilities 43% see automated vulnerability risk resolution in their future With agentic AI, SecOps teams can shorten the time to resolve exposures, improve compliance and risk management, and collaborate on ways to keep their business resilient. BMC HelixGPT Vulnerability Resolver is an AI assistant within BMC Helix AIOps and Observability that helps SecOps teams quickly address vulnerabilities through risk and impact analysis, task automation, and remediation recommendations. By consolidating vulnerability data, the BMC HelixGPT Vulnerability Resolver gives you a comprehensive view of vulnerabilities affecting critical business services. Seeing the risk and impact side-by-side with service health, teams will know which services and owners with the highest levels of vulnerability risks need rapid remediation or attention. To assist teams in responding swiftly, the AI assistant offers a summary of each vulnerability from the Common Vulnerabilities and Exposures (CVE) list, along with a link to full details. Most importantly, the BMC HelixGPT Vulnerability Resolver recommends actions for addressing each critical vulnerability. If code changes are needed for remediation, the code wizard is enabled to provide the required code change. In a click, IT operations and DevOps teams can create a change request in a ticketing system for each affected asset using the remediation steps provided by the AI assistant. In addition, pertinent information about the vulnerability is also included in the change request. How CIOs can CISOs can partner to successfully implement agentic AI Today, SecOps spends too much time on vulnerability research and remediation and can be slow in addressing critical vulnerabilities. As AI assistants evolve, understanding and harnessing their full potential may transform vulnerability management. Assistants that combine machine learning with specialized domains, such as causal and predictive AI, could drive even greater efficiency and autonomy. BMC Helix AIOps integrates causal, predictive, and generative AI to analyze observability data, identify the root cause, and access the impact an incident has on services. The solution’s predictive AI scans for non-obvious trends in the data to detect impending and ongoing issues, while causal AI correlates and causally associates anomalies. When the solution detects a critical situation that requires a deeper-dive, agentic AI is used to identify scenarios, like risks associated with vulnerabilities and security threats, by pulling just-in-time data processed with generative AI. The BMC Helix AIOps solution increases collaboration between IT and security operations, enabling teams to share responsibility for identifying and quickly resolving security vulnerabilities. With the BMC HelixGPT Vulnerability Resolver assistant, SecOps will understand the impact on business services and resolve critical vulnerabilities faster. See the BMC HelixGPT Vulnerability Resolver demo to learn agentic AI in action. Contact BMC for more information. source

Ensure their environment is intuitive, easy to test your agents within, and has enhanced options for your agents such as short- and long-term memory. Plus, there should be features for responsible AI — reflection, groundedness, and context relevance — and safe AI — fairness and bias, toxicity check, human-in-the-loop, and PII redaction. You’ll also want to have, at a glance, visibility into your credits used as part of your subscription, as well as value-added features like the ability to improve the role and instructions for your agent using AI. Thorough API documentation Once your agents are built in the AI agent builder platform, the next step is to use API calls to implement these agents within your own applications. Look for plentiful documentation at the API level, but also higher-level information that explains the sequence when provisioning agents on the fly, and so on. This is where clear documentation can help your own IT team get up to speed and learn the required sequence from environment setup, to RAG creation and training, to agent creation, to agent interaction and inquiry.  They’ll also need clear documentation on how to monitor and report on token usage, and how to monitor and display historical inquiries, AI agent and security performance, and integration with other systems. Having this information can often halve your development and testing time since there’s far less back-and-forth between your IT team and the agent provider resolving questions and issues. source

The insurance giant’s EVP and CTO sees a bright future for IT in digitizing the ordinary things workers do in order to humanize the extraordinary things they do. source

In my many customer conversations at our recent European user conference, VMware Explore Barcelona, one message was clear: The strategic importance of data is fueling demand for sovereign cloud services.  Cloud sovereignty is central to the European Union’s quest for increased digital autonomy, with the aim of fostering innovation and supporting European businesses on their digital transformation journey. I want to stress that Broadcom is committed to helping organizations and governments meet their digital transformation and data-sovereignty needs. We’re working closely with cloud service providers (CSPs) on solutions that provide enterprises with strict control over their data, regulatory compliance, and deployment flexibility. By prioritizing data residency and control, we enable our partners and customers to manage their data and scale their operations without compromising on security or sovereignty. VMware Cloud Foundation: Built for Sovereignty and Flexibility Our flagship offering, VMware Cloud Foundation (VCF), is the bedrock of our strategy and provides the ultimate sovereign cloud solution at competitive prices. It also guides your national cloud providers to deliver sovereign cloud services that comply with national laws. With VCF, customers can retain critical workloads on-premises, ensuring their data remains within their own borders and under their control. At the same time, VCF’s compatibility with leading CSPs enables a seamless experience across private and public cloud environments. We’re working with major European CSPs to build a strong VMware-based ecosystem of sovereign cloud solutions that let their customers transition to the cloud while ensuring the highest standards of data sovereignty. This partnership model empowers European CSPs to compete effectively with global hyperscalers, providing European businesses with cloud services tailored to their specific needs. A Per-Core Subscription Model for Adaptability To offer our customers greater flexibility, Broadcom’s per-core subscription model provides a range of options in product offerings, subscription length, and payment terms. This model ensures that organizations large and small can access the solutions they need at a scale and price in line with their capacity and investment strategies. We heard positive feedback on this subscription model in Barcelona. This subscription-based approach reflects a broader industry trend toward flexible, cost-effective solutions that prioritize sovereignty, giving European customers the power to navigate the evolving digital landscape more confidently. Championing Data Sovereignty and Competitiveness For many European organizations, data sovereignty is a business imperative that fuels competitiveness. Our products empower European organizations to retain control over their data and build their digital futures while remaining in alignment with European regulatory frameworks. With more and more organizations planning to bring certain workloads back on-premises, Broadcom enables companies to adapt to these requirements through the VMware ecosystem. Our solutions simplify compliance, providing tools to manage data retention, control, and sovereignty within any preferred IT environment, which is especially crucial as organizations seek to scale and grow. Innovation and Growth for European SMEs and Scale-Ups Of course, organizations at varying stages of digital transformation. Our solutions are designed to support customers wherever they are in their journey. For Europe’s small and medium enterprises (SMEs), flexibility and scalability are critical to compete. Our scalable solutions provide affordable access to cloud infrastructure, allowing these businesses to expand at their own pace, unencumbered by restrictive pricing models. And we offer CSP partners all around the globe to assist. Meeting the Demand for Sovereign AI The rise of sovereign AI presents unique challenges, especially as organizations seek to balance data control with AI-driven innovation. We’re working closely with our strategic partners to introduce AI-powered services that respect data privacy and sovereignty. This collaboration empowers customers to harness the potential of AI within a framework that prioritizes regulatory and ethical considerations — an essential factor as organizations look to incorporate AI responsibly into their operations. Broadcom’s Commitment to a Sovereign, Competitive Cloud Future for Europe Our approach to sovereign cloud centers on delivering flexibility, control, and innovation for our customers and partners across Europe. By providing solutions that meet the specific needs of European organizations, whether they prefer to operate on-premises or in the cloud, we are helping them grow, compete, and navigate an increasingly digital and data-driven landscape. As demand for sovereign cloud solutions continues to grow, Broadcom will continue to ensure that European organizations have access to scalable, secure, and compliant cloud environments. We are proud to support our CSP partners as they compete with global hyperscalers, offering a truly European alternative that champions data control, regulatory compliance, and technological independence. Through our work, we are enabling Europe’s tech ecosystem to thrive as we support our customers’ ambitions in a rapidly changing world. To learn more visit us here. About Hock Tan Broadcom Hock Tan is Broadcom President, Chief Executive Officer and Director. He has held this position since March 2006. From September 2005 to January 2008, he served as chairman of the board of Integrated Device Technology. Prior to becoming chairman of IDT, Mr. Tan was the President and Chief Executive Officer of Integrated Circuit Systems from June 1999 to September 2005. Prior to ICS, Mr. Tan was Vice President of Finance with Commodore International from 1992 to 1994, and previously held senior management positions with PepsiCo and General Motors. Mr. Tan served as managing director of Pacven Investment, a venture capital fund in Singapore from 1988 to 1992, and served as managing director for Hume Industries in Malaysia from 1983 to 1988. source