CIO CIO

There’s an old tape we listen to that says, ‘Sometimes the best thing that can be said about IT is nothing.’ We have to abandon that old tape and tell our story, because in a world where ‘software eats everything,’ as Mark Andreessen famously said, IT executives have to be really great at storytelling and not be silent. We have to pivot to being upfront and blunt and bold, to tell our story, use our power of the pen, be our own advocates, and create our own digital twins of what we’re doing so people know the contributions we bring. After all, we are now the cool kids. IT is making hardware cool again. We’ve made an intelligent thermostat and smartphones and self-driving cars. Back in the day, we were the geeks with our pocket protectors. Now we are the big kids on campus, so let’s leverage our storytelling and talk about our cool-kid-ness. It needs to be both a verbal and a written exercise, because while putting it down on paper is important for crystallizing the thinking, telling it crystallizes it even more. The exercise of repeating it helps you synthesize it and make it even more palatable on the page. That cyclicality of the verbal and written exercise helps you fine-tune and hone your message over time. The more you tell your story, the better you’ll get at doing it. source

MCP is becoming the plug-and-play standard for agentic AI apps to pull in data in real time from multiple sources. The Pulse MCP server directory currently lists more than 4,300 active MCP servers allowing LLMs to connect with data feeds ranging from Spotify and YouTube, to Salesforce and GitHub. The momentum behind the protocol will likely accelerate adoption as developers coalesce around a common standard, and alternatives struggle to gain traction. However, this also makes it more attractive for malicious actors looking to exploit weaknesses in how MCP has been deployed. This is especially relevant where MCP is being used to access external third party data sources. Although not related to this particular technology, the recent cyber attack on UK retailer Marks & Spencer was due to a weakness in one of its supplier’s IT systems. The error wiped almost nearly a billion dollars (£750 million) for the company’s market capitalization, and is expected to knock nearly half a billion off operating profits this year. A question of security So what are some of the key vulnerabilities that MCP presents and how might they be addressed? MCP is designed to operate in a more dynamic way than traditional APIs where manual oversight in setting up data feeds is more the norm. For agentic AI to truly benefit from the advantages of MCP, the dynamic discovery of data sources and real-time access will often be required. Unfortunately, in its current form, MCP doesn’t have sufficient security capabilities baked in for enterprises to deploy it without taking additional precautions. source

The problem is that this is also the time when executives on the client side look most avidly for the deal’s promised gains; business unit heads and line managers wonder why IT service levels aren’t improving; and IT workers wonder what their place is in this new mixed-source environment.   The best advice is to anticipate that the transition period will be trying, attempt to manage the business side’s expectations, and set up management plans and governance tools to get the organization over the hump.  Outsourcing governance  A highly collaborative relationship based on effective contract management and trust can add value to an outsourcing relationship. An acrimonious relationship, however, can detract significantly from the value of the arrangement; the positives degraded by the greater need for monitoring and auditing. In that environment, conflicts frequently escalate and projects don’t get done.  Successful outsourcing is about relationships as much as it is actual IT services or transactions. As a result, outsourcing governance is the single most important factor in determining the success of an outsourcing deal. Without it, carefully negotiated and documented rights in an outsourcing contract run the risk of not being enforced, and the relationship that develops may look nothing like what you envisioned.  [ For more on outsourcing governance, see 7 tips for managing an IT outsourcing contract.]  Repatriating IT — when backsourcing makes sense Repatriating or backsourcing IT work (bringing an outsourced service back in-house) when an outsourcing arrangement is not working — either because there was no good business case for it in the first place or because the business environment changed — is always an option. However, it is not always easy to extricate yourself from an outsourcing relationship, and for that reason many clients dissatisfied with outsourcing results renegotiate and reorganize their contracts and relationships rather than attempt to return to the pre-outsourced state. But, in some cases, bringing IT back in house is the best option, and in those cases it must be handled with care. This trend is part of a broader IT realignment effort, where companies are increasingly replacing outsourcing arrangements with internal centers of excellence for key functions like DevSecOps and agile development.   Captive centers (aka DIY outsourcing)  A captive center is a service delivery organization owned and operated by its client, to which the center provides direct resources. These centers are typically offshore in low-cost locations and provide an alternative to the traditional outsourcing model, although some are often initially set up by traditional outsourcers before being transitioned to the client.  Fully owned global IT service centers are picking up steam as a talent and service delivery strategy of late, but going the captive route requires clear-eyed consideration of benefits and risks, as well as desired business outcomes.   [ For more on this model, see Captive centers are back. Is DIY offshoring right for you? ]  More on outsourcing: source

The hype cycle begins innocently enough. A Board member attends a conference where a vendor showcases a dazzling AI demo. The potential for multiplying workforce productivity at next to no cost seems almost… too good to be true. Back at the office, excitement turns to confusion as the IT team struggles to get the chosen technology working predictably with real data. The Board starts asking questions about the absence of improvement in business objectives. Six months later, the project, still in proof-of-concept, has not delivered any real operational improvements. However, by this point, hundreds of thousands of dollars have been spent, so the team can’t turn back. Unexpected challenges occur causing unplanned Cloud and API cost blow outs . New systems conflict with existing and ageing infrastructure. The Security team identifies vulnerabilities in the system and stalls deployment until issues can be addressed. Meanwhile, the vendor offers vague updates and promises future fixes hidden somewhere on the roadmap. This technical debt accumulates silently. The cutting-edge technology solution that impressed executives gradually becomes one more failed technology project while leaving another legacy yoke over the organisation’s shoulders. This scenario repeats itself across boardrooms in Australia and New Zealand (ANZ), but according to transformation partner Fusion5, it needn’t be this way. Making digital transformation deliver Fusion5 has studied these challenges extensively with customers across various industries in Australia and New Zealand and developed a methodology to help CIOs close the gap between business ambition, tech vision and performance reality. “Every CIO wants to lead purposeful digital initiatives that deliver actual business benefits,” says Sven Martin, Fusion5 Chief Executive – Australia. “But they’re also facing unprecedented challenges, a tsunami of new tools that every layer of every organisation is impatient to use, tight privacy and security requirements, and boards that want to see tangible improvements in business metrics they care about.” Martin says Fusion5 begins each engagement by understanding the customer’s strategic outcomes, key business objectives and their priorities. Once understood and agreed, only then does the team start advising on technology options that can be demonstrated to improve business metrics like profit margins, workforce productivity, time to market, and customer satisfaction. Why tech is only one ingredient of the success recipe With over two decades of experience supporting Australian and New Zealand organisations, Fusion5 understands that successful digital transformation relies not just on technology, but also on strong business processes and a culture ready to embrace change. “Digital transformation demands access to quality data and processes that can genuinely operate in a digital way,” says Kristy Brown, Chief Executive. New Zealand “There’s little value in having a digital front-end that simply triggers an email and reverts to a manual process behind the scenes.” With our customers “We place just as much emphasis on supporting cultural change and uplifting digital business capability as we do on implementing and integrating systems.” To add on to Brown’s perspective, Martin believes attaining value through technology requires an integrated combination of threads from technology, interoperability, data security, governance, business processes, and future thought on augmenting AI into team and role workloads. “CIOs want these augmented skills at the table with fewer partners to focus on the real opportunities at hand,” adds Martin. Fusion5 deliberately avoids the common practice of using subcontractors to deliver components of a contract. Instead, it maintains in-house capability for both implementation and support—an approach it sees as critical to digital transformation success. This model eliminates the accountability gaps and complexity that often arise from managing multiple subcontractors and back-to-back agreements. Brown advises that many organisations perceive digital transformation as being a relatively easy task, but soon realise that starting from scratch is a tall mountain to climb. Fusion5 has pre-built industry templates and cloud accelerators based on its extensive experience in those industry segments to help speed up implementation timelines and accelerate time to value. Once the business processes and support from people are in place, the company helps customers choose technologies without the gruelling work of evaluating vendor claims against reality. The company provides research about emerging transformational technologies, particularly AI, focusing on genuine capability and practical applications that deliver business outcomes. Finally, Fusion5 works with customers over the long term to ensure success. “Organisations continue evolving long after they initially deploy systems,” notes Brown. “We form long-term partnerships with our customers to ensure solutions adapt to changing business needs and strategic priorities.” From Vision to Value – Making Strategy Stick According to Fusion5 Australia’s Martin, a trap in using external tech consultancies is that strategy is often separated from implementation. Most CIOs will have experienced the pitch from a large consultancy where a global expert presents in a strategy session, but is never seen or heard from again for the entire duration of the project which means the strategic vision rarely survives contact with the realities of delivery. True digital transformation demands more than technology alone, it requires business alignment, operational readiness, and a partner that understands how to turn ambitious ideas into measurable outcomes. That’s where Fusion5 focuses its efforts. Fusion5 combines both strategy and implementation in unified teams. And as a solution-agnostic transformation partner, the company prioritises business needs over any specific platforms. This methodology offers specific advantages to mid-market and enterprise organisations throughout ANZ: reduced implementation risk, faster time-to-value, and flexible engagement models that can be adjusted to different-sized organisations. Bridging the gap between promise and reality The Fusion5 team will be at the upcoming CIO Summit. Come and discuss how to improve your organisation’s digital transformation methodology and how to close the gap between vendor promises, IT team aspirations, and business outcomes. Find out more. source

As generative AI (genAI) becomes a strategic priority for organisations, Lenovo’s new research series – Work Reborn – reveals a critical disconnect. The first report – Reinventing Workplace Productivity – shows that while CIOs see the potential impact of AI, many workplaces lack the infrastructure to support it. And it will take more than incremental change to fix that. CIOs must reinvent their digital infrastructure to unlock genAI’s full value – here’s why: A strategic need for reinvention. For most IT leaders, thinking proactively is key to competitive advantage. And considering the rapid rise of AI, that usually means thinking proactively about how to unlock the potential of genAI. According to our research, a key part of staying ahead of competitors with genAI involves an overhaul of digital systems. In fact, 89% of IT leaders surveyed believe only a complete overhaul of digital workplace systems will allow them to get significant results with AI. And that jumps to 93% for CIOs, IT directors and VPs of ITAs. Staying ahead is a top concern for these IT leaders. Over half (51%) agree that better access to AI tools is crucial for innovation and 76% say that businesses not empowering employees with AI will lag behind in the next one to two years. The barriers to genAI’s promise This technology holds the potential to revolutionise productivity by transforming how organisations personalise the employee experience. And 90% of CIOs, IT directors and VPs of IT believe digital workplace transformation is essential for employees to use AI effectively. But barriers remain. The most significant is inadequate workplace personalisation and poor integration of AI-driven IT support systems. While 86% of senior IT leaders agree that AI will allow employees to focus on more impactful work, a limited ability to configure devices and applications to users’ needs is preventing progress. These challenges not only limit productivity, but they also pose strategic risks. Although 64% reported significant automation of IT processes with AI within their organisation, there’s still confusion about how to effectively use genAI. Actionable CIO agenda How can CIOs reinvent the digital workplace? Here are my top three tips: Simplify and personalise: use persona-based genAI configurations to tailor the workplace experience—according to CIOs, this is particularly helpful in building a business case for digital workplace transformation. Automate IT: employ AI to optimise support processes and reduce friction. Transform workflows: only 39% IT leaders say their organisation has started transforming their digital workplace. It’s time to rethink existing processes to fully integrate genAI across the organisation. CIOs are at a tipping point. To move from AI hype to real-world productivity gains, they must lead the charge in reimagining the digital workplace. This isn’t just about IT upgrades. It’s about redefining how work gets done. To learn more, read Reinventing Workplace Productivity, the first report in the new Lenovo Work Reborn Research Series 2025. More reports will be published throughout this year. Find further insights at Lenovo Digital Workplace Solutions. source

Organizations are on the hunt for skilled talent in data, security, and engineering roles — but aspiring candidates are encouraged to develop skills, hands-on experience, and adaptability given that change is the one true constant. source

Now that the rush to adopt the cloud has passed, many organisations are facing the consequences of that pace. Fragmented environments, inconsistent governance, and platforms that weren’t designed to scale are common. Technical debt is slowing teams down and driving up operational costs. Every new workload introduces risk and friction. The root cause? It’s rarely the technology itself. More often than not, it’s the absence of a defined platform model balancing speed with control. This is where Azure Landing Zones come in. While the term may sound technical, the concept is simple: establish the foundations first. What is an Azure Landing Zone? Much like the slab, wiring, and plumbing of a new home, an Azure Landing Zone provides the foundation and core infrastructure. Each team can customise the interior to suit their needs, but the building codes, safety standards, and compliance requirements are built in and consistently enforced, setting the groundwork for controlled and efficient operations.  To build that foundation properly, Microsoft’s Cloud Adoption Framework (CAF) defines eight core design areas that every Landing Zone should address: Identity and access management Azure and Entra billing Resource organisation Network topology and connectivity Security Management Governance Platform automation and DevOps Rather than recreating these controls for every team or retrofitting them when problems arise, a Landing Zone provides a consistent starting point. It reduces duplication, enforces standards, and prevents the slow accumulation of risk and complexity that occurs when cloud environments grow without clear boundaries. These design areas serve as a field-tested reference architecture, helping organisations align technical implementation with broader business goals. Why should IT leaders care? The early phases of cloud adoption often prioritise speed. But without clear guardrails, the same agility enabling innovation can also introduce risk and prevent organisations from realising the transformation they were promised. Security, compliance, cost visibility, and operational performance: they all suffer when cloud environments are inconsistent or grow organically. Common signs of trouble include: Subscription sprawl with unclear ownership Workloads bypassing security controls Poor visibility of cloud spend and resource usage Long lead times to provision environments Limited telemetry, monitoring, and support readiness Teams blocked from delivery due to shared environments or dependencies Once embedded, these problems are difficult to unwind. Landing Zones address them by shifting the model: define the platform first, plan for future scale, and establish governance and guardrails across the environment. Then let teams build and move quickly within that framework. For technology leaders, this is about enabling secure, scalable, and sustainable innovation. The strategic value of getting it right A well-implemented Landing Zone strategy delivers long-term value across multiple dimensions. By providing speed with structure, teams can onboard applications, projects, or regions without delay. When teams work within environments that are ready to go, with core services and controls already in place, time-to-market improves, and rework is reduced. More importantly, teams gain visibility into their own workloads, costs, and security posture. Cost management becomes more precise, with top-down governance that includes tagging, budgets, and chargeback models. Security and compliance are applied from the start, with access, encryption, monitoring, and alerting consistently enforced. Operational consistency improves as telemetry, backup, and incident response patterns are built into the platform. Most importantly, Landing Zones support scale. Defined as code, they can be replicated, adapted, documented, change-controlled, and improved over time. This allows organisations to expand confidently, meet new business demands, and mature their cloud estate without starting over. Why It’s worth the investment The cloud is not a one-off project. It’s an operating model. That means the costs of getting it wrong are cumulative: every manually provisioned resource, undocumented or inconsistent configuration. It all adds friction, risk, or technical debt. Building Landing Zones may seem like overhead early on. In reality, they lay the groundwork that allows everything else to move quickly. With the foundations in place, teams avoid rework and operate within safe boundaries that support autonomy and scale. How landing zones are built in practice  There is no one-size-fits-all implementation. Organisations vary in size, structure, and cloud maturity. But a typical approach includes: Initial planning and assessmentAlign cloud strategy (and Landing Zone design) with business goals, regulatory requirements, and existing platforms. Determine what can be reused and what must be rebuilt. Reference architectures and templatesUse Microsoft’s CAF and tooling as a baseline. This includes Terraform and Bicep accelerators, Azure Verified Modules, and policy libraries aligning to NIST, ISM, and more. Platform as codeDeploy the Landing Zone using infrastructure as code. This ensures repeatability, version control, and automation. Incremental adoptionApply the model to greenfield workloads first. Then bring existing resources under management, using tagging, policies, and monitoring to enforce consistency that might have been missing. Operational alignmentIntegrate monitoring, security operations, and cost management into the platform. Make sure the operating model supports the Landing Zone from day one. Organisations with strong internal cloud capabilities can build this themselves. Others adopt pre-built accelerators or work with partners who specialise in platform design. But the unifying factor is to focus on the outcomes: speed, safety, and simplicity at scale. Closing thoughts Cloud success is not defined by what you can deploy, but by what you can operate, govern, and grow with confidence. And the organisations that will thrive are the ones that build the right foundation first, making deliberate choices early to reduce complexity, enable scale, and support their teams. For more on how to unleash the full potential of Azure in your organisation, visit Brennan. source

The enterprise cloud narrative is undergoing a fundamental shift. After years of public cloud evangelism, IT leaders are orchestrating what Broadcom’s latest research aptly terms a “cloud reset”—a strategic recalibration that positions private cloud as tomorrow’s strategic imperative. The numbers tell a compelling story. According to Broadcom’s inaugural “Private Cloud Outlook 2025: The Cloud Reset” report, which surveyed 1,800 senior IT decision-makers globally, 93% of enterprises now balance a hybrid mix of private and public cloud environments. More striking still, 69% are actively considering repatriating workloads to private cloud, with 35% having already executed this strategic shift. This isn’t cloud repatriation driven by the failure of public cloud migration—it’s optimization driven by the need for security, simplicity, and cost control. The security awakening Security concerns are propelling this transformation. The research reveals that 92% of enterprises trust private cloud for security and compliance, while 49% cite data privacy and security concerns as their primary worry about public cloud. These aren’t abstract fears. Data loss and leakage and data privacy and confidentiality remain the top security concerns in cloud computing, according to recent industry studies. Security-sensitive applications lead the repatriation trend, followed by data-intensive applications. What’s particularly noteworthy is that modern, cloud-native workloads are as likely to be repatriated as traditional applications, debunking the myth that only traditional applications return to private infrastructure. The cost reality check Financial predictability is the second pillar driving private cloud adoption. Broadcom’s research found that 94% of enterprises believe some of their public cloud spend is wasted, with nearly half (49%) estimating that more than a quarter of their public cloud expenditure delivers no value. Even more concerning, 31% believe waste exceeds 50% of their cloud budget. This cost unpredictability stems from the complexity inherent in public cloud pricing models and the unmanageability of hundreds of consumption meters.  As per the IDC blog, about half of cloud buyers spent more on cloud than they expected in 2023, with 59% predicting similar cost overruns during 2024. In contrast, 90% of organizations value the financial visibility and cost predictability that private cloud environments provide as per the Broadcom study. These statistics illustrate the beliefs–and realities–that are driving enterprises to private cloud. The strategic repositioning Enterprise cloud strategies are evolving beyond the binary public-versus-private debate toward intentional workload placement. Organizations are no longer asking “cloud or no cloud” but rather “which cloud for which workload.” This strategic maturity recognizes that different applications have different requirements for security, compliance, performance, and cost optimization. The data supports this shift toward intentionality. Fifty-three percent of enterprises plan to build new workloads in private cloud environments, indicating that private cloud isn’t just about repatriating existing applications—it’s about strategic future deployment decisions. The 84% of enterprises running both traditional and cloud-native applications in private cloud demonstrate that modern private infrastructure has achieved the agility and self-service capabilities that were once exclusive to public cloud platforms. The AI catalyst Generative AI is accelerating private cloud adoption. Organizations eager to harness AI capabilities face significant hurdles around data privacy and skill shortages. Private cloud environments offer the data residency, security controls, and governance frameworks necessary for enterprise AI deployment while maintaining compliance with increasingly stringent data protection regulations. Overcoming implementation challenges Success in this cloud reset requires organizations to address organizational challenges. IT teams must overcome traditional silos and skill gaps that have historically hindered private cloud deployments. Restructuring teams into platform level teams and enhancing in-house expertise are critical steps for realizing private cloud’s full potential. The path forward The cloud reset represents a maturation of enterprise IT strategy. Organizations are moving from cloud enthusiasm to cloud optimization, driven by real-world experience with security vulnerabilities, cost overruns, and compliance requirements. This shift doesn’t represent a rejection of public cloud but rather an embrace of strategic cloud deployment. The most successful organizations will be those that deploy workloads based on specific requirements rather than broad assumptions about cloud superiority. Private cloud has evolved far beyond its legacy reputation. Modern private cloud platforms offer the self-service capabilities, automation, and agility that enterprises demand while providing the security, compliance, and cost predictability that public cloud often cannot guarantee. The cloud reset is here. Organizations that recognize private cloud as a strategic asset will be best positioned to optimize their cloud investments for security, cost, and performance in an increasingly complex digital landscape. To learn more, visit us here. About the author: Pankaj Gupta is Senior Director of Private Cloud Solutions at VMware by Broadcom, where he helps customers unlock the full value of their private cloud investments. Previously, he led go to market initiatives across networking, security, and cloud portfolios at Cisco, Citrix and other leading technology firms. source

The huge numbers of IT layoffs in 2024 and early 2025 are likely to continue as companies look to drive efficiencies with AI while bracing for a recession. source

Keith Shaw: Hi, everybody. Welcome to DEMO, the show where companies come in and show us their latest products and platforms. Today, I’m joined by Jim Spare. He is the Chief Product Officer at IDC. Welcome to the show, Jim. Jim Spare: Yeah, thank you very much. Keith: IDC — we used to be connected to you guys as well — and IDC is known as an analyst firm. You’re not really known for products. So why are you here on DEMO? What are you going to show us today? Jim: Well, as a global market research firm, we have worldwide coverage of technology markets, products, and vendors. And as a market intelligence company, we’re constantly looking at new and better ways to serve our customers. One of those ways is to serve them in a more interactive and digital format. So we’re building digital platforms that take advantage of artificial intelligence and enable us to harness all our knowledge and deliver it to customers in a customized digital form. The name of this is IDC TechMatch. Keith: So who is IDC TechMatch designed for? Is it everyone within the enterprise, or is there a specific role within a company that’s really going to benefit from this? Jim: Yeah, we focus IDC TechMatch — a platform that enables IT leaders to make decisions quickly and confidently when picking the right software for their business purpose. Typically, that’s the CIO, head of enterprise applications, head of procurement, or even the CFO’s office — people who typically get involved in software sourcing and selection decisions. That’s who the platform is targeted at. Keith: What’s the main problem you’re solving for these groups of people? Jim: Today, the way most organizations source and select software is long, complex, and frustrating for everyone involved. These processes can take up to six months to make a decision on the right software. So we’re offering these organizations an opportunity to accelerate that software sourcing process while also accessing world-class market intelligence so IT executives can make confident decisions. Keith: And what would companies be doing without this? I always think of that infomercial with someone struggling in black and white, and then the world of color opens up. It sounds like without this, companies would be doing a lot of searching, using tabs and spreadsheets… Jim: Yeah — spreadsheets, endless lists of requirements, some web research. And of course now, LLMs can help, but where do they collect the data from? There’s a lot of internal work and unscientific, hamster-wheel-type efforts to figure out what software is right for business purposes. source