CIO

The H-1B math: How a $100,000 fee changes enterprise IT economics

Roy anticipated that the fee increase would hit project economics. “This will hit budgets and possibly timelines somewhat,” he said. “However, I expect significant internal pressure – with big tech and Fortune 100 majors to convey strongly to the US administration that this will make American firms less competitive.”

Technology companies and IT services providers remained silent on strategic responses. Amazon, Google, Meta, and Microsoft did not respond to requests for comment. Indian IT services companies, including TCS, Infosys, HCL Technologies, and Tech Mahindra, also did not respond to requests for comment.

Roy framed the challenge in broader strategic terms: “The damage is done. Trump’s rapid vacillation points to continuing uncertainty and increasing pressure for US firms to consider building/expanding GCCs.”

The long-term outcome, analysts suggested, was not disruption but evolution toward more robust delivery models. “Fortune 500s should plan for short-term friction, but the long-term outcome is a sturdier delivery model,” Gogia concluded. “The surcharge is disruptive, but it does not derail transformation — it forces it onto a more resilient footing.”

Oracle appoints two CEOs, but the power still rests with Larry Ellison

During an analyst call shortly after the announcement, Catz said, “I’m still here and I’m an employee [of Oracle].” She said that the transition is being made now because Oracle has recently reported some very large potential new contracts. “We wanted to make the transition when things are going great,” she said.

Bickley said the likely impact on Oracle customers in the near term is minimal. But he stressed that Oracle is making its AI move very differently from others, which makes sense given Oracle’s different market position.

Unlike other hyperscalers such as Microsoft, Amazon, and Google, Oracle is content to hold onto its massive database installed base and simply add AI services for those enterprises, making its offerings stickier. This contrasts with most of its rivals that are trying to grow their AI installed base by either stealing customers from each other or bringing in a larger percentage of newcomers.

IT’s renaissance risks losing steam

There is so much going on in the world right now that it’s little wonder that not much attention is being paid to IT. From climatic perturbations, to daily acts of violence, to heightened geopolitical tensions, infrastructure breakdowns, and unpredictable public policy pronouncements, IT — with the exception of AI — is largely off the radar of most people’s larger discussions of the day.

This is a dangerous proposition as we sit at a momentous technology inflection point — Le moment de vérité (moment of truth) in the words of outgoing French Prime Minister François Bayrou. CEOs, senior executives, the public, and print/broadcast/social media outlets are not devoting enough critical thinking time to IT. I conducted a worker-in-the-trenches survey that suggested the general thinking around IT today is, “If it isn’t broken, don’t talk to me about it.”

SAP offers concessions to EU regulators to avert an antitrust probe into ERP practices

Oracle surpassed SAP as the number one ERP applications vendor for the first time in 2024, according to research firm Apps Run the World. Oracle achieved $8.7 billion in ERP revenue versus SAP’s $8.6 billion, ending SAP’s dominance that lasted over four decades.

Substantial financial stakes

The potential financial implications are substantial for SAP, which reported overall revenue of $37 billion (€34.18 billion) in 2024, marking a 10% increase compared to the previous year. EU competition authorities can impose penalties of up to 10% of a company’s worldwide annual turnover for antitrust violations, which could translate to over $3.7 billion (€3.4 billion) in potential fines for SAP based on its current revenue, the report added.

This threat comes at a particularly sensitive time for SAP, as the company’s cloud revenue surged 25% to $18.6 billion (€17.14 billion) in 2024, with Cloud ERP Suite revenue growing 33% to $15.3 billion (€14.17 billion). Maintaining competitive positioning in this rapidly growing market segment is crucial to SAP’s strategic transformation.

Why Culture Is the First Line of Defense in the Age of Agentic AI

The arrival of agentic AI rewrites the rules of engagement for cybersecurity. As new tools and workflows create novel attack surfaces, the velocity and sophistication of AI-driven threats now demand a response that transcends technology alone. This new reality calls for a profound shift in our thinking toward a security-conscious culture, one where trust and empowerment form our first line of defense.

Every part of a business must embrace security as its own critical responsibility. This means ensuring our employees are well-equipped and empowered to make sound, secure decisions. It means fostering an environment where people feel comfortable speaking up when they spot something that doesn’t seem right. And, critically, it means ensuring every leader across the business knows how to communicate and collaborate effectively if the worst happens and a breach occurs.

The new battlefield: Agentic AI and our widening vulnerabilities

In my years specializing in computer crime investigations, including my time as a Special Agent with the Air Force Office of Special Investigations, I’ve seen firsthand how the frontlines of the cyber conflict shift. Today, it’s clear that networks worldwide are the primary arena for those who wish to do harm — whether it’s nation-states aiming to steal vital secrets or disrupt our critical infrastructure, or cybercriminals looking to cripple business operations for their financial gain.

Agentic AI magnifies this challenge considerably. When we talk about agentic AI, we’re essentially describing AI that has been given its own “arms and legs” to take independent action — a powerful way to visualize it, as our CEO, Nikesh Arora, often describes. This reality propels us into what I can only describe as an “arms race.” We must continuously ask ourselves one question: Will our defenses be nimble and smart enough to keep pace with those on the offensive, or will attackers gain the upper hand?

At the heart of this race is the speed with which attackers can use agentic AI to devise entirely new capabilities and coordinate their efforts with astonishing efficiency. It’s also the speed with which we, as defenders, must detect these actions and respond effectively.

We can no longer think of our defenses like a fortress with a simple, hard outer wall. The attack surface — all the ways attackers can try to get in — is now much more fluid. It encompasses our mobile devices, our cloud computing environments, and what remains of our traditional networks. We need clear visibility and the ability to identify malicious actions at every conceivable point — from one computer to another, as well as between applications and the various layers of our digital infrastructure.

The erosion of trust: AI-powered deception

One of the things that concerns me about advanced AI is how cleverly it can be used for manipulation, adding another layer of complexity to our work. Attackers are already using AI in numerous ways, particularly in crafting social engineering schemes that are more convincing than ever. Language barriers, for instance, which once might have provided subtle clues of an attack, have been virtually eliminated.

This capability now extends alarmingly to voice and video. It’s possible for attackers to take a mere 5–10-second snippet of someone’s voice and then replicate it with frightening accuracy, making it incredibly difficult to detect fraudulent calls to a help desk or other deceptions that rely on voice. The rapid advancement into deepfake video capabilities further blurs the line between what’s real and a manipulated imitation. Figuring out if you’re talking to a colleague or an AI-generated fake will get tougher and, I suspect, become a more common challenge.

This means we cannot solely rely on the ways we’ve traditionally verified identity. If an attacker’s aim is to compromise someone’s identity to access sensitive information, then it’s paramount that all the subsequent steps in our processes are even more secure. Every transaction involving our important data — how it’s accessed, changed, or moved — must have robust verification at every single stage.

Beyond technology: The enduring power of data, process, and people

With the cost of data breaches now averaging nearly $5 million[1] for organizations, being strong on cybersecurity is, without a doubt, a real business advantage. In my experience, success in this demanding environment hinges on having access to the right information at the precise moment it’s needed to detect an attacker’s activity. Then, almost instantaneously, we must determine: Is this a legitimate action, or is it something malicious?

Organizations that do this well have great people and effective technology. They also ensure that the visibility their technology provides is centralized. This allows their systems to automate much of the initial work of detection, freeing up their skilled employees to focus on investigating the most complex and nuanced situations. Conversely, a jumble of different security tools that don’t talk to each other effectively creates inherent hurdles for our defenders — hurdles that attackers are all too quick to exploit.

One of the most pressing challenges I see organizations grappling with today is “shadow AI.” I hear frequent questions from CIOs and CISOs: “How can I ensure we’re using AI in our organization safely? How do I even get a handle on what AI applications are being used across different departments? And, what company data might be fed into them?” The larger and more distributed the organization, the more complex this becomes.

This makes a clear, centralized AI strategy — complete with approved applications and strong measures to prevent data leakage — more critical than ever. We need the ability to specify which AI applications are approved for use and ensure employees aren’t inadvertently introducing new, unsanctioned applications into our environment.

However, even with these strategies, significant challenges remain. Stopping sensitive company data from accidentally being fed into public AI tools is something we’re continuously working on. Ensuring our internal defenses can match the sophistication of AI-powered attacks is another ongoing effort. And, critically, we must address the challenge of how much we can trust the outputs of AI systems, which still often

The new org chart: Unlocking value with AI-native roles in the agentic era

Cybersecurity professionals

From “monitor” to “strategist”: AI agents can take over the repetitive work of scanning logs and prioritizing alerts at a speed no human can match. This frees up cybersecurity analysts to focus on complex challenges, such as threat hunting, creating proactive defenses and outsmarting sophisticated, AI-driven attacks. For example, a security professional might not manually write rules for a firewall; instead, they might oversee an AI agent that autonomously detects and remediates a security incident, such as isolating a compromised device and blocking malicious traffic, while the human strategist analyzes the attack’s origin to update future defense protocols.

Data engineers & data architects

From “cleaner” to “influencer”: AI can automate many of the tedious but manual processes of data cleaning, preparation and quality monitoring. This “shifts up” data professionals to higher-level, strategic functions, such as designing robust data architectures that align with business goals and leveraging data to create a competitive advantage. Rather than writing ETL scripts, a data engineer might instruct an agent to create and maintain a complex data pipeline from multiple sources, with the human’s role shifting to supervising the agent’s output and validating that the data architecture is optimized for real-time insights and is compliant with data governance policies.

Sales and marketing

From “manual executor” to “augmented creative”: AI agents can handle multi-step, complex tasks like lead generation, personalized outreach and managing campaigns at scale. This allows human salespeople and marketers to move from transactional work to building strategic relationships and crafting a core narrative. For example, a marketer might not manually create and A/B test ad variations. Instead, they might supervise a creative agent that generates thousands of ad variations, runs the tests and optimizes the campaign in real time, while the human focuses on defining the brand’s core message and the overall creative strategy.

Breaking the scale barrier: Lessons from global growth playbooks

Treat clouds like water, not a warehouse

When I first led cloud migrations, I made the mistake many do: We treated the cloud as a shinier data center. Costs ballooned, agility stalled and developers still had to ask permission just to experiment.

The shift came when we started treating cloud like water, a utility. Always available, always measurable, always flowing to where it’s needed. That mindset changed everything. Suddenly, the conversation wasn’t about capacity, it was about speed, portability and cost per unit of value.

This is the same principle that enabled India’s startups to scale fintech apps to a billion people. They didn’t build everything themselves. They leaned on India Stack, a set of digital identity, payments and document services available as APIs to anyone. Cloud became the rails, not the roadblock.

Microsoft and Workday collaborate to manage agentic AI workers

Workday is extending its finance and human resources management platform to encompass digital workers on its own and other platforms, said Mickey North Rizza, IDC group vice president, enterprise software. “This system can be used to integrate and manage Workday agents as well as third-party agents. Workday is taking this opportunity forward to become a system of record for all workers — be they digital or human.”

In addition, agent analytics within Workday ASOR log which agents are in use, by whom, and how, providing detailed reports on productivity impact. And since agents built with the Microsoft tools have individual Entra IDs, administrators can verify that each is working as expected, with no unnecessary access rights or unusual behavior.

An ecosystem

“We’re addressing a very acute need that we’re hearing from customers,” said Charles Lamanna, president, business and industry Copilot at Microsoft, in an interview, noting that every company he’s spoken to recently wants to bring in AI agents, “almost like AI coworkers”, and they’re trying to figure out how they can do it in a safe and secure way.

Is There a Cyber Cold War? How Nation-States Are Reshaping the Threat Landscape

We are already in a new kind of global conflict — a cyber cold war — and it’s unlike anything we’ve seen before. Today’s geopolitical tensions aren’t playing out solely through sanctions or soldiers. They’re unfolding invisibly, relentlessly, in the digital shadows. That’s where ransomware, espionage, and AI-powered attacks are being deployed by nation-states to disrupt economies, sabotage infrastructure, and destabilize societies. This is about stealing secrets and undermining operational continuity, sowing distrust and reshaping the global balance of power.

This backdrop of geopolitical uncertainty only increases the imperative of doubling down on a modern, cyber-defensive posture. Our adversaries certainly aren’t sitting on their hands — and neither can we.

With cyberthreats representing potentially existential risks to commercial organizations’ and militaries’ ability to conduct their most fundamental operations, both CIOs and CISOs must be directly involved in their organization’s cyberdefenses. That being said, CIOs must also keep in mind that this level of security defense and resilience isn’t primarily an IT function. Rather, they need to focus on geopolitical intelligence and strategic planning, as well as using those tools to marshal support and direction from the rest of the C-suite and board of directors from a business and operational perspective.

The rules have changed

In the original Cold War, the world’s most powerful nations built up arsenals of nuclear weapons and played a careful game of deterrence. In today’s environment, that deterrence has given way to digital aggression. Nation-states are gathering intelligence and working systematically to compromise infrastructure, steal intellectual property, and trigger widespread disruption.

The usual players remain: China, Russia, Iran, and North Korea. But the tools of this war aren’t tanks or missiles. They’re malware strains, zero days, deepfakes, credential theft, and artificial intelligence. At Palo Alto Networks Unit 42, we’ve investigated incidents where North Korean attackers posed as recruiters to deploy malware disguised as developer tools — and that is just one recent operation among many.

These operations are escalating. Cyber campaigns linked to nation-states are becoming more targeted, more coordinated, and more emboldened. Our adversaries are moving beyond espionage toward sabotage.

Today’s target-rich environment

No organization is immune. Government agencies, power plants, financial firms, healthcare systems, and tech companies are all in scope. The rise of distributed workforces, cloud migration, and IoT has expanded the attack surface exponentially.

Nation-state actors are increasingly partnering with cybercriminal gangs to obscure attribution and share tools. This alliance of capability and deniability makes them harder to detect and disrupt. Even the most mundane endpoint — a smart thermostat, a printer, a contractor’s laptop — could be the first domino to fall in the compromise of a whole network.

These threat actors are as creative as they are determined. The Unit 42 Threat Intelligence unit tracked activity from suspected North Korean cyberattackers posing as recruiters or prospective employers. Their trick? Asking potential “employees” to install malware that seems to be actual development software as part of the hiring process.

What organizations can do in the age of geopolitical risk

The cyber cold war is a real threat, with real implications. As such, it requires real-time and actionable solutions, as well as long-range planning.

Complicating this dynamic threat landscape is the rise of a regulatory environment that requires businesses and organizations across all sectors to bolster their cyber resilience and better protect critical data. Data protection and cybersecurity laws are proliferating throughout the world, led in large part by the European Union’s landmark General Data Protection Regulation. In addition, the Securities and Exchange Commission’s new cyber disclosure rules require public companies to report breaches faster and more fully. This exerts more pressure on CIOs, CISOs, and their teams to respond to rapidly changing regulations and the potential legal consequences of failing to comply with these emerging requirements.

Because this cyber cold war has been forming and transforming for a while, a blueprint of best practices is emerging for organizations’ benefit. Some specific recommendations include:

Integrate geopolitical risk into business continuity planning. This isn’t optional. If your supply chain, customer data, or cloud infrastructure spans borders, you’re likely exposed to these transnational threats and the emerging regulatory efforts to counter those adversarial actors.

Shift from perimeter security to identity-first, AI-enabled defense. In this new cold war, attackers move fast and hide well. Only AI-powered platforms can respond at machine speed — the way attackers already are.

Invest in cloud security with global supply chains in mind. Nation-state attackers don’t care where your workloads live. But they will exploit any misconfiguration, gap, or delay in detection.

Operationalize threat intelligence. Your teams need access to insights from groups like Unit 42, and not just the one-off threat report, but the continuous stream of intelligence to better inform your SOC, your infrastructure strategy, and your updates to the board.

Rethink your role. You are both the steward of systems and the strategist responsible for business resilience. That includes preparing for the geopolitical risks that now shape the global business landscape.

The cold war may be digital — but the consequences are real

The battlefield has changed, but the stakes are higher than ever. Full-scale disruption of your operations is no longer a hypothetical. The only question is whether you’ll see it coming and whether you’re prepared to respond.

CIOs who recognize the scale of this shift — and act decisively to modernize their defense posture — will emerge as critical strategic partners in the boardroom. Those who don’t will face security failures and broader risks to their operational readiness and reputation, potentially exposing them to regulatory consequences.

The cyber cold war isn’t looming. It’s here. And now is the time to lead like it.

SAP user group calls for licensing clarity

Responding to those concerns, SAP said in a written statement, “We recognize that transparency and confidence are critical for businesses navigating transformation. We’re actively delivering on these needs and making meaningful progress through initiatives like the RISE with SAP Migration and Modernization program. Our goal is to equip every organization with the tools and insight to make informed decisions and realize tangible value from their transformation journey.”

However, a major issue facing prospective S/4HANA customers in the cloud, said Info-Tech Research Group advisory fellow Scott Bickley, is that “SAP is constantly moving the goalposts with regard to product nomenclature, feature mix, licensing practices, and price obscurity.” DSAG properly calls this out, he said, while simultaneously endorsing SAP’s cloud push.

“The issue here is how one can expect an enterprise to make a mission-critical decision around deployment models, which will incur a generational price tag for legacy ECC clients, without having clarity and transparency around the BOM [bill of materials] and line item pricing,” Bickley said. “SAP’s documentation provides only a high-level vantage point to where high-level functionality resides, and is always subject to change.”
