CIO

4 key AI risks to address when contracting services or products

With the rapid rise of AI, especially GenAI, clients are evaluating risks from partner or vendor use of AI. CIOs and organizations are advised to consider how these risks may impact their operations and security and create contractual terms to address them. Specific areas of concern for CIOs and IT organizations are how a vendor uses client data, whether that data will be used in training public models, how data is protected, data access, results bias, and risks of hallucination and plagiarism.

Clients wish to understand and mitigate the additional risk that AI may bring from their vendor and partner relationships. CIOs and organizations recognizing this risk (and following recommendations of research firms) are now embedding specific requirements in their vendor and partner contracts. They are demanding clear assurances on how AI-related risks are mitigated. These clients expect responsive, meaningful information about the safeguards in place, particularly around data use, adherence to data protection practices, and use cases that impact them.

For vendors and partners, meeting these demands requires preparing comprehensive, transparent contractual responses that are accurate and will not delay contracting. Also, we are witnessing, on both the vendor side and client side, frustration with how these clauses are delaying contracting itself as both client and vendor legal teams struggle over them.

To address this, vendors and clients need to develop a model for how they want to address, communicate, and understand AI risk. To help simplify the process and provide a leg up for developing AI risk clauses in contracts (for both clients and vendors), this overview covers the key elements that are essential for drafting and responding to AI risk provisions.

On both the vendor and client side, standardized, flexible language should be developed immediately with the assistance of legal, because, even if a vendor or partner hasn’t had to respond to an AI clause in a contract yet, it will.

Defining AI’s purpose and ensuring transparency

Clients need to understand how AI will be used within their contracted services or product. To address this, vendors need to start by defining AI’s role in the service(s) or product provided, highlighting both its purpose and the potential benefits for the client. For instance, AI might be used to support data analysis, improve operational efficiency, or streamline routine tasks — all areas that can drive value when clearly communicated. A well-defined purpose of AI helps clarify that AI’s role is not arbitrary and establishes transparency, allowing clients to understand exactly how it aligns with their goals. Additionally, this section should cover any limitations around the use of AI (i.e., how it will not be used).

Use of client data

A key (if not primary) client concern is how its data will be used by a vendor or partner. While data usage should be stated as part of a vendor’s existing, standard, data protection policy, the concern is heightened due to some unique aspects of GenAI. In this regard, the contract should outline the vendor’s current practices regarding data security and privacy as well as adherence to regulations such as GDPR, CCPA, and other relevant data protection laws. A vendor should already have defined client data policies. GenAI should be a superset or expansion of existing vendor data protection policies.

Clear guidelines around data handling practices help ensure that client data remains secure and protected from unintended uses. Clients are particularly concerned about their data being used to train AI models, as well as its visibility to other clients. This is a key risk clients want addressed. One practice involves stating a prohibition on using non-anonymized client data for AI training without prior consent. Another is stating that client data is not used in training. Addressing these details upfront not only enhances trust but also aligns with industry standards on ethical data management.

Establishing an AI usage policy and human oversight

Vendors having a formal AI usage policy gives clients clarity around the types of AI technologies being used. This policy should cover specific provisions on how AI may be used in generating client-related insights. For example, there should be provisions explaining how AI is used internally and applied to client-specific data to answer client needs.

Incorporating human oversight into AI applications provides an additional safeguard. By establishing that all AI operations will undergo human review, vendors can assure clients that automated processes will be validated by human personnel. This not only mitigates risks but also reinforces quality control, especially in contexts where AI is used to support data analysis or insights. Having a human expert review and supervise these outputs helps ensure that client standards and expectations are met, reducing the likelihood of unintentional errors or oversights from automated processes. Vendors should make clear what, if any, oversight is being provided and where.

Risk management and confidentiality

Effective risk management is crucial for any vendor offering AI as part of its product, and clients want to know that measures are in place to handle potential AI-related risks. The contract should outline risk management strategies, including regular audits of AI systems, impact assessments for high-stakes AI use cases, mitigation of AI drift, and incident response plans for data breaches or misuse. Clients will feel reassured knowing that the vendor has measures in place to address issues before they impact service quality or data security.

Confidentiality agreements also play a critical role in safeguarding client data. Reinforce the organization’s commitment to data privacy by referencing any confidentiality agreements that protect client information from unauthorized disclosure. By including terms that limit access to sensitive client data for AI systems or other technologies, clients are reassured that their data will be handled in line with privacy expectations. These agreements signal that sensitive information will not be disclosed or processed by AI without prior client consent. These agreements are typically in place for data handling even outside the scope of AI. In any AI-related contract, it is essential to ensure that the client or customer also has a robust AI policy in place.


The dirty work of IT leadership: Dealing with malfeasance

Episode #3: Old Yeller

This was, apparently, widely known in our IT organization: One of my peers was notorious for calling one or another female staff member into his office and screaming at them for no reason. A member of one of my teams asked me why I didn’t do anything about this. After thanking them for letting me know about the situation, I met with the CIO, who informed me that while problematic, my peer was in many ways a strong performer, whose ongoing stream of accomplishments the company would miss should they be lost. And so, HR was working with the offending manager to try to get him back on the rails, on the grounds that the company didn’t want to lose such a valuable employee. My insight — that the company had already lost quite a few valuable employees because of this situation — wasn’t, shall we say, welcome.


A 5-pillar approach to modern data management

Manish Limaye

Pillar #1: Data platform

The data platform pillar comprises tools, frameworks and processing and hosting technologies that enable an organization to process large volumes of data, both in batch and streaming modes. Organizations must decide on their hosting provider, whether it be an on-prem setup, cloud solutions like AWS, GCP, Azure or specialized data platform providers such as Snowflake and Databricks. They must also select the data processing frameworks — such as Spark, Beam or SQL-based processing — and choose tools for ML.

Based on business needs and the nature of the data, raw vs. structured, organizations should determine whether to set up a data warehouse, a lakehouse or consider a data fabric technology. The choice of vendors should align with the broader cloud or on-premises strategy. For example, if a company has chosen AWS as its preferred cloud provider and is committed to primarily operating within AWS, it makes sense to utilize the AWS data platform. Similarly, there is a case for Snowflake, Cloudera or other platforms, depending on the company’s overarching technology strategy.

However, I am not in favor of assembling numerous tools in pursuit of the elusive “best of breed” dream, as integrating these tools is excessively time-consuming, and technology evolves too rapidly for DIY integration to keep up. Furthermore, generally speaking, data should not be split across multiple databases on different cloud providers to achieve cloud neutrality. Not my original quote, but a cardinal sin of cloud-native data architecture is copying data from one location to another. That’s free money given to cloud providers and creates significant issues in end-to-end value generation.


Scale AI under fire in suit filed by former worker alleging unlawful business practices

Moreover, the subject matter of many prompts, some of which involved suicidal ideation and violence, among other disturbing topics, coupled with restrictions from Scale AI around break times and outside research, created a grueling, authoritarian workplace in which workers could be terminated for complaining about working conditions, payments, or company processes, the complaint said. Additionally, the suit says that McKinney and the many others in his position were misclassified under California law as independent contractors, rather than employees. Generally speaking, employers have fewer legal responsibilities to independent contractors than they have to full employees, who are more likely to be subject to state and federal laws about overtime payment, among other things. California’s legal standard for deciding which workers are independent contractors and which are employees is fairly strict, and is referred to as an ABC test, for its three-pronged nature. According to the California Labor and Workforce Development Agency, workers are employees unless they are free from the control and direction of the hiring entity, are doing work outside the usual course of the hiring entity’s business, and are “customarily engaged” in an independent business of the type they’re being hired for. None of those standards, the lawsuit argues, are met in the case of McKinney and the other Scale AI workers in his position.


CIO Mark Settle on what makes a winning IT battle plan

What are some of the areas where digital leaders can take a page from Grant’s book when it comes to persistence?

As a CIO, you’re always being asked to do more with less in terms of budget and staffing. So you have to be persistently resourceful. A great example is cloud costs. Nobody ever says, ‘Oh, yeah, Mark showed up, put in the solution, we’re all good now. We’re very satisfied and happy with what we’re spending on the cloud.’ No, it’s an ongoing saga. And in all those cases you have to be persistent.

In terms of staffing, you have to persistently manage performance, and people will respect you for that. You might think IT is in a walled-off fort, not visible to other people in the company. Nothing could be further from the truth. A large cross-section of your IT team is living in a glass house, and whatever dysfunctionality is occurring within your organization is far more obvious to people outside of IT than you can imagine. Even if your IT group is in a warehouse away from every other corporate facility, there are just too many interactions that go on with your business partners, and if you’re not persistently managing that performance, it will come back to bite you, and undermine the proactive things you want to do in the future in terms of budget and staffing.


Finding purpose at the intersection of tech and transport

Transport for New South Wales was first established in 2011, and since then, the culture of putting customers and communities at the center of everything, and partnering with operational agencies, private operators, and industry to deliver passenger-focused services and projects, has been a constant.

As a leading advocate, chief innovation and technology officer Kurt Brissett is in charge of the technology and innovation team, and effectively responsible for delivering services for people and goods — whether on roads, trains, buses, ferries, metro, light rail, vehicles on demand, and even walking and cycling — for a population of about 8.5 million.

“We also deliver on the largest investment that New South Wales has made in transport infrastructure in history through our project delivery partners and industry experts,” he says. “My team and I have a vision to optimize the use of all types of technology to offer the best transport experience for our customers, communities, the transport system, and, of course, our workforce, and we ultimately want to use technology to create the safest, fastest, easiest, most reliable and most cost effective transport system in Australia.”

The success of that vision, carried throughout its nearly 30,000 employees, depends on a consistent effort to be laser-focused on applying the best of emerging tech and talent.

“We don’t just operate transportation services; we deliver large-scale projects and for that, not only do we need technology roles and more developers, we require more testers and product managers,” says Brissett. “There’s also a raft of other roles that lend themselves to other skills, such as project managers, business analysts, change managers, and cyber security experts. And of course, we have a whole range of frontline staff roles across our various modes.”


A CIO’s framework for measuring engineering productivity

In boardrooms across the tech industry, CTOs and CIOs face a common challenge: effectively communicating and demonstrating IT productivity to leadership. Especially as organizations aim to deploy generative AI and other transformative technologies at a rapid pace, it’s critical to employ a reliable framework to measure engineering productivity. Established frameworks including DORA, SPACE, and DevEx exist for this purpose, but each takes a different approach to defining and measuring productivity, and none of them alone provides a truly comprehensive analysis.

“In every board meeting, there’s the inevitable slide where the CTO is talking about productivity, and it always feels unsatisfying,” said Abi Noda, co-founder and CEO of DX, the company that created DX Core 4. “We heard from CEOs and CIOs asking how to consolidate these different perspectives on productivity, so our goal was to create a single, benchmarkable approach that encapsulates all three major frameworks.”

The researchers behind DORA, SPACE, and DevEx — which include Abi Noda, Nicole Forsgren, and Margaret-Anne Storey — collaborated to develop the DX Core 4 framework. This new framework provides a multi-dimensional approach that combines the three established methodologies into a single framework. DX Core 4 measures four key dimensions of engineering productivity: speed, effectiveness, quality, and impact (see Figure 1).

[Figure 1. Image: DX]

The framework takes a balanced approach to measurement, combining both quantitative and qualitative metrics. Qualitative metrics are captured by surveying IT team members, which is important due to the limitations of quantitative data alone. Survey responses reveal the “why” behind the metrics and provide context.

“Let’s say you were feeling sick and went to the doctor,” Noda said. “The nurse takes your temperature, and says, ‘Your temperature is normal, so it looks like you’re fine.’ You would protest, saying, ‘But I still feel sick!’” The issue is that quantitative data may not detect a problem that people in the midst of the process can clearly see. Survey responses can also add critical explanatory context to the quantitative data, enabling leadership to clearly see the root cause of an issue, he said.

The framework also addresses a common pitfall in productivity measurement: the tendency to optimize for a single metric at the expense of others. “Everyone in tech knows that if you just index on lines of code or a measure of speed, you’ll get more of that at the expense of other things,” Noda cautions. “The multi-dimensional approach of DX Core 4 helps organizations maintain a balanced perspective on productivity.”

Perhaps most importantly, the framework is designed to be useful across all organizational levels, from business managers to C-suite executives. This alignment helps ensure productivity goals remain relevant and consistent throughout the organization, preventing the common disconnect between executive objectives and team-level metrics.

To learn more about the DX Core 4 and view industry benchmarks, visit getdx.com/core4.


5 Lessons every CFO can learn from a billionaire singer-songwriter

When you have a young daughter like I do, it’s almost impossible to avoid getting swept up into the Taylor Swift fan frenzy. After attending one of her concerts recently with my family, I came away impressed by her talent and even more so with her entrepreneurial mindset, brand management, and resilience.

In my nearly three decades of financial management and capital markets experience, I’ve learned many lessons and fundamental truths. And as I thought more carefully about the business aspects of her success, I realized there are five essential insights that every enterprise CFO can benefit from and apply to their financial leadership of a large enterprise. And there’s even more to learn: Harvard University now offers a course on Taylor Swift, and similarly inspired courses are sweeping colleges nationwide.

The five lessons I’ve curated here are ones most CFOs are probably already aware of, yet the stellar examples set forth by Swift serve as useful reminders to spark renewed energy, in a creative way, toward action.

1. Diversification of Revenue Streams

According to The Washington Post, Swift’s “…record-shattering Eras Tour is set to be the most lucrative concert run in American history.” CNBC adds, “the Eras Tour concert film has shattered records and helped the theater industry weather a light release calendar.” Swift has not limited herself to just album sales and concert tours; she has also smartly diversified her income streams through merchandise sales, brand partnerships, and streaming platforms that in total have helped to propel her into the billionaire’s club, according to Forbes. Her savvy is a good reminder for enterprise CFOs on the importance of diversifying revenue sources to reduce risk and ensure stability.

2. Data-Driven Decision-Making

Swift has been known to use data analytics extensively in her career. “Working with her team, the pop star adds a personable human touch to the marketing mix: through using data-driven trend-based insights to create musical arrangements, video content, and engaging social media campaigns that appeal to a wealth of audience segments,” according to a Digital Marketing Institute article focused on four lessons digital marketers can take from Swift’s marketing genius. Successful enterprise CFOs apply this lesson daily by leveraging data analytics to make informed financial decisions, optimize processes, and identify growth opportunities within their organizations.

3. Strategic Negotiation

Negotiations with music labels and streaming platforms, such as her decision to re-record her music, demonstrate Swift’s strategic negotiation skills. In 2015, she went head-to-head against Apple, prompting the company to drop its plan not to pay artists royalties during the trial period of its new streaming service. Successful CFOs know that in the dynamic world of finance, strong negotiation skills are of pivotal importance to managing risk, driving growth, and accelerating profitability. And, as Swift has demonstrated, negotiation isn’t just about striking deals—it’s about aligning interests, identifying allies for mutually beneficial outcomes, and building solid relationships.

4. Brand Management

Swift has also carefully managed her brand, crafting a strong and authentic image that resonates with her audience. According to Forbes Australia, she “…has mastered the art of storytelling, using her music and public image to create a narrative that fans can relate to.” After master recordings of her first six albums were sold to Ithaca Holdings in 2019, she moved to regain ownership of her legacy by re-recording the songs from the albums.

CFOs can learn from her brand management strategy and how it can impact financial performance, customer loyalty, and market positioning. By leveraging financial data and insights, CFOs can contribute to the success of their brand by helping to define profitable positioning, recognize high-value customer touchpoints, and balance resource priorities for market segments. Moreover, with the insight gathered, the CFO can guide the organization to be calculated and assess the proper ROI when protecting one’s hard-earned intellectual property, which is a very costly, but sometimes necessary, endeavor.

5. Adaptability and Resilience

Finally, throughout her career, Swift has adapted to changes in the music industry and overcome challenges. Successful CFOs are continually learning, and are adaptable and resilient, especially in the face of economic fluctuations, regulatory changes, and unexpected events, ensuring their organizations remain financially stable in turbulent times. And as economic uncertainty shows no sign of abating, CFOs will continue to be integral leaders in demonstrating adaptability and resilience to ensure long-term success for their organizations.

Creative inspiration

While the entertainment industry and the corporate world are different in many ways, these five lessons from Taylor Swift’s successful career—diversification of revenue streams; data-driven decision making; strategic negotiation; brand management; adaptability and resilience—serve to remind and inspire CFOs to think creatively while adapting to changing circumstances and making strategic decisions.

Learn more: CFO and finance leaders, discover how more than 5,300 clients have saved an estimated total of over $8B to date on enterprise software maintenance costs with Rimini Street.


Google claims quantum leap with new Willow chip

Commercial apps are getting closer

At the same time, the researchers made further progress: They were able to improve the quality of their qubit arrays, as these now have a significantly longer lifespan than the individual physical qubits. In other words, calculations can take longer. For Neven, this has resulted in the most convincing prototype for a scalable logical qubit to date. He sees this as a sign that useful, very large quantum computers can actually be built. Willow thus brings the implementation of practical, commercially relevant algorithms that cannot be replicated on conventional computers closer, Neven claims.

Earlier this year, Microsoft reported a quantum breakthrough with a qubit-virtualization system that it claimed broke a logical-qubit creation record. The company also aims to provide a commercial offering.
