CIO CIO

Business and IT leaders agree that improving the “digital employee experience” (DEX) results in better productivity and workplace morale. But recent research by Ivanti reveals an important reason why many organizations fail to achieve those benefits: rank-and-file IT workers lack the funding and the operational know-how to get it done. They don’t prioritize DEX for others because the organization hasn’t prioritized improving DEX for the IT team. There are enormous benefits in improving digital employee experience, and DEX remains an area that executive leaders are optimistic about. But there is a disconnect when it comes to its practical application across IT teams. IT professionals remain extremely skeptical, in part because they are being left out of the benefits of DEX. This has led to problematic perceptions: almost two-thirds (60%) of IT professionals in the Ivanti survey believing “Digital employee experience is a buzzword with no practical application at my organization.” Clearly IT leaders need to do more for teams to realize the full benefits of DEX. DEX best practices, metrics, and tools are missing Nearly seven in ten (69%) leadership-level employees call DEX an essential or high priority in Ivanti’s 2024 Digital Experience Report: A CIO Call to Action, up from 61% a year ago. Yet the same report confirmed that DEX best practices are still not widely implemented in and by the IT team. Barely half of the Ivanti respondents say IT automates cybersecurity configurations, monitors application performance, or remotely checks for operating system updates. While less than half say they are monitoring device performance, or automating tasks. This indicates few IT teams are systematically investing in DEX tools and practices to monitor the spectrum of user interactions and respond automatically to emerging problems before they disrupt employee productivity and satisfaction. Without these practices and tools, IT workers themselves struggle to cope with their coworkers’ “tech friction.” IT workers are over-burdened with the volume of DEX issues and hamstrung by manual resolution processes. Most of all, IT workers are “flying blind” because they lack detailed data about the real DEX issues plaguing themselves and the organization at large. Lack of DEX data undermines improvement goals This lack of data creates a major blind spot, says Daren Goeson, SVP of Product Management at Ivanti. “Accurate DEX data illuminate what are the real technology challenges that the organization is facing,” he says. “And the data enable IT to get at the root cause of the DEX issues.” Most IT organizations lack metrics for DEX. These include digital experience scores (only 48% do this), device/user analytics (42%) and speed of ticket resolution (39%). Without metrics, IT workers can’t discover the scope, scale, and severity of DEX issues. They can’t prioritize DEX problems or measure progress toward DEX goals. Ivanti’s research shows the extent and costs of these chronic, endemic DEX problems and the toll they take: Office workers have to cope with an average of four technology-related issues every day, such as poor application or device performance, slow networks, and many more. 60% of office workers report frustration with their tech tools. 55% of them say negative experiences with workplace technology impact their mood and morale. A higher percentage of executive leaders than other information workers report experiencing sub-optimal DEX. To improve digital employee experience, start with IT employees “IT leaders can use the IT organization as a test bed to prove the effectiveness of proactively managing DEX,” says Goeson. Managed, measured DEX will ease IT’s workload and make staff more productive. How IT leaders can improve DEX for IT professionals: Ensure IT staff have the updated tools they need to work anywhere. Nearly one-quarter (23%) of IT workers say that their current toolset is not as effective in off-site work. Establish DEX metrics and equip IT with the DEX management processes and tools to monitor, collect, analyze, and present this data. Deploy automation processes and accurate knowledge bases to speed up help desk response and resolution. Leverage AI and machine learning capabilities – through endpoint management and service desk automation platforms – to detect data “signals” such as performance trends and thresholds before they become full-blown problems. And to automate routine tasks, such as installing a new patch or remediating slowed app performance. Prioritize automating help desk responses to trouble ticket requests by using self-service portals, AI/machine learning capabilities for routing and analyzing online and telephone ticket requests. The bottom line IT leaders can demonstrate the impact of managed, measured DEX for the enterprise. But that means starting by optimizing DEX for the IT organization. For more information, see Ivanti’s 2024 Digital Employee Experience Report: A CIO Call to Action. source

Edge computing, fueled by AI, represents a new evolutionary phase in digital transformation. For some companies, this convergence is already driving business, and in the EU specifically, distributed open marketplace Europe, or DOME, will help CIOs get on the right path. source

He cites as an example his work with one manager who was great at the nuts and bolts but needed to work on becoming a better leader by honing communication and change management skills. The manager wasn’t able to exceed expectations until he built up his leadership capabilities. 9. They’re aiming for speed (above all else) IT must work to keep up with the rapid pace of technology advancement and innovation, yet IT managers can miss the mark if they overly index for speed. “Sometimes [managers] are in such a hurry to get things done that they don’t take the time they need to get clarity, to get all the stakeholders on the bus to accomplish things all together and instead leave people on the side of the road,” Bonfante says. “They move fast but end up in the wrong spot.” Consequently, the managers get praise for velocity but rebukes for failing to hit objectives, he adds. Managers (and their own supervisors and CIOs) can still prioritize speed, of course, Bonfante says. But everyone needs to invest the time required to set the compass on the right course before speeding off. “That’s an issue with the organization’s culture, not just a manager’s decision,” he adds. 10. They’re not yet true leaders IT has shed its reputation as a back-office function and is now integral to business success, but many IT managers still lack the fundamental business skills needed to succeed, says Craig Stephenson, global head of the tech, ops, data/AI, and infosec officers practice at management consulting firm Korn Ferry. They’re not effective listeners. They don’t communicate ideas as articulately as they should. They can’t influence others or effectively manage stakeholders. And they can’t create mission and purpose for their teams. “It could be that they’re not getting the support internally they need or haven’t developed or trained in terms of people leadership,” Stephenson says. Such deficits can ding their performance reviews. But, like other shortfalls in management capabilities, these can be overcome with training and development such as rotational tours of duty through business units, Stephenson says. source

The site has so far ranked models from the likes of OpenAI, Meta, Mistral, Anthropic and Google on more than two dozen technical specifications. Other model makers are also urged to request evaluations of their models’ compliance. “We reveal shortcomings in existing models and benchmarks, particularly in areas like robustness, safety, diversity, and fairness,” researchers from LatticeFlow, INSAIT and ETH Zurich wrote in a technical paper. “Compl-AI for the first time demonstrates the possibilities and difficulties of bringing the act’s obligations to a more concrete, technical level.” Most models struggle with diversity, non-discrimination Under the EU AI Act, models and systems will be labeled as unacceptable, high, limited, and minimal risk. Notably, an unacceptable label would ban a model’s development and deployment. Model makers could also face large fines if found not in compliance. source

If software supply chains consisted solely of open source code, securing them would be easy. Effective tools and methodologies exist for discovering and remediating software supply chain security risks that arise from open source components. But supply chains also can, and typically do, contain closed-source code derived from third-party sources. Securing this part of the supply chain often proves much more challenging because software supply chain security tools often don’t focus on closed-source code. When you add software-as-a-service (SaaS) apps to the mix, securing the supply chain becomes even more complicated. These challenges can be solved, but they require a more extensive approach to software supply chain security than some businesses take. Here’s why securing open source alone is not enough and how organizations can do better. The three categories of software supply chains Broadly speaking, three types of software can exist within a software supply chain (which means the set of third-party software resources a business uses): Open source libraries, modules, and other code that developers integrate into applications they build or leverage as dependencies Closed-source products from external vendors that businesses deploy and manage on their infrastructure SaaS applications that are developed, hosted, and managed by an external vendor but used by the business Most organizations use a combination of these types of software resources. For example, IDC found that 66.7% of businesses identified open source as “critical” or “important” to their organizations (IDC’s Five Open Source Software Themes to Embrace, November 2023). At the same time, approximately one-third of businesses depend on SaaS applications to power core business functions, a figure that IDC expects to rise over time (IDC’s SaaSPath 2023 Executive Summary: Examining the SaaS Buyer’s Journey, June 2023). Other business functions are likely addressed using third-party closed-source applications that organizations operate themselves, since few companies build business software totally from scratch. The awkward role of closed-source code in supply chain security Despite the diverse types of software that exist in most supply chains, software supply chain security tools and strategies have tended to focus largely on risks associated with open source. For example, a key category of software supply chain security tooling is software composition analysis (SCA). Typically, SCA solutions work by scanning applications to identify components that resemble open source code, then flagging any such components that are subject to known security vulnerabilities. This approach doesn’t work well for uncovering flaws linked to closed-source code because that code is secret. As a result, SCA scanners cannot typically identify vulnerable closed-source components unless they have access to private code repositories and vulnerability databases — which is very rarely the case. Likewise, creating a software bill of materials (SBOM), which tracks third-party software components and dependency, has become a best practice for securing the software supply chain. But SBOMs are designed mainly to catalog open source software. Documenting closed-source components using SBOMs may be technically possible, but many of the assumptions made by SBOM formatting standards don’t make sense in the context of closed-source code. As a result, few SBOMs track closed-source components. In short, third-party closed-source code fits awkwardly, at best, within modern approaches to software supply chain security. Given the lack of effective tools and tracking methods, it is easy for businesses to neglect this part of their supply chains. Why closed-source and SaaS apps must be tracked Such oversights can result in enormous risks. Some of the highest-profile software supply chain attacks to date — like the SolarWinds breach — have involved closed-source code, not open source products. When incidents like these occur, businesses that fail to track which third-party closed-source apps they use risk not knowing that they are vulnerable or being able to confirm that patches have been installed. On balance, it’s worth noting that the risk surrounding closed-source security vulnerabilities are a bit different from open source flaws. With closed-source apps, it’s more likely that a vendor will automatically install a patch — although this doesn’t necessarily happen. In addition, because open source vulnerabilities are publicly documented, and sometimes accompanied by exploit code, it’s relatively easy for threat actors to take advantage of them. Exploiting vulnerabilities in closed-source code can be more challenging because information about them is often not as readily available. But just because closed-source apps are somewhat less ripe for attack in certain respects doesn’t mean businesses can simply ignore non-open source software when securing their supply chains. The fallout of an attack against closed-source applications can be quite serious, as many businesses that were using SolarWinds circa 2020 know. Integrating closed source into software supply chain security Given the lack of software supply chain security tools designed for closed-source apps, how can businesses gain visibility into these resources and their potential security risks? Part of the answer is to use enterprise architecture (EA) tools to document which applications the business has deployed. In this context, these tools can serve a purpose akin to SBOMs for open source. Using SBOMs to track SaaS applications would also be a wise practice. The idea has been proposed, but is not currently in widespread use. More generally, IT and cybersecurity leaders should make clear that managing third-party closed-source code within the context of supply chain security is just as much of a priority as protecting open source components. The process is complicated and not as straightforward as finding and fixing open source vulnerabilities, but it’s an imperative for businesses that want to make a comprehensive commitment to software supply chain security. Learn more about IDC’s research for technology leaders. International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the technology markets. IDC is a wholly owned subsidiary of International Data Group (IDG Inc.), the world’s leading tech media, data, and marketing services company. Recently voted Analyst Firm of the Year for the third consecutive time, IDC’s Technology Leader Solutions provide you with expert guidance backed by our industry-leading research and advisory services, robust leadership and development programs, and best-in-class benchmarking and

A recent survey conducted by Censuswide on behalf of Red Hat polled 609 IT managers across the United Kingdom and other major markets. More than 80% of IT managers reported an urgent AI skills shortage, mainly in areas such as generative AI, large language models (LLMs), and data science. This is up from 72% last year. The need to sell AI, the need to consume AI, and the inability to do so lead to what I’m calling “AI stagnation,” a complex issue that is confounding many in the AI space, including yours truly. AI at a near standstill Technology providers continue to pour resources into AI development, creating advanced tools, platforms, and infrastructure. Tech giants’ and startups’ investments in AI are reaching unprecedented heights, with industry watchers predicting more than $120 billion in funding for AI startups in 2024 alone. The contributions of major players, such as Nvidia, OpenAI, and Anthropic, to a thriving AI market are reminiscent of the dot-com era. This type of capital influx is typically a positive indicator, signaling robust interest and faith in the potential for future returns. source