CIO CIO

The “Bring Your Own Device” (BYOD) concept has become increasingly popular with the rise of hybrid work. It provides enhanced flexibility for employees and greater accessibility for work-related applications. However, managing security on disparate and unmanaged devices is an uphill battle. The browser has become the common tool for accessing web and software-as-a-service (SaaS applications) across all devices. This challenging new reality requires companies to rethink their security architectures that have not traditionally focused on the browser. That’s because the browser has become a major target for malicious actors. In fact, a report commissioned by Palo Alto Networks and conducted by Omdia found that the majority of companies surveyed said they’d experienced browser-based attacks across all devices in the past 12 months. What can resolve this dilemma? Companies can ensure applications and sensitive data remain protected on employee-owned devices by using a secure browser and secure access service edge (SASE). The shifting workplace landscape Today’s work environment has seen substantial change, highlighted by three massive shifts. The first is the uptick in hybrid and remote work, even though many companies are calling employees back to the office. The second shift is the adoption by many companies of a mix of managed and unmanaged devices, such as BYOD, within their ecosystem – making security compliance harder. Last is the massive rise in consumption of software-as-a-service (SaaS) and, more recently, generative (genAI) AI apps. Some enterprises are using thousands or tens of thousands of applications. A major aspect of SaaS and genAI app use is that they are typically accessed through a browser. In the above-mentioned report, respondents said that sometimes more than 80% of daily work is done using a browser. There are challenges facing security visibility and controls, too. Standard security controls aren’t deployed evenly; only a fraction of enterprises report widespread coverage across their IT estates. This can lead to protection and visibility gaps. Security teams face ongoing pressure to implement security controls without impeding employee productivity. Even with such controls widely implemented, security incidents remain prevalent. More than 90% of Omdia’s report participants experienced phishing, ransomware and browser-based attacks. Addressing the challenges Two technologies worth considering when looking at possible ways to move forward are SASE and secure browsers. SASE unites software-defined wide area network (SD-WAN) with secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), zero trust network access (ZTNA), and other security functions via its cloud-native architecture. This SASE architecture converges “security as a service” and networking functions into one service delivered by the cloud at the network edge. Companies are then able to automatically support a distributed workforce by linking them to nearby cloud gateways rather than redirecting traffic to the company data centers. This also offers reliable and consistent secure access to all applications, yet at the same time, sustains total visibility and inspection of all traffic. This approach significantly streamlines management and lowers complexity. The perimeter is transformed into a dependable group of cloud-based capabilities; security teams can deploy them when and where needed. A secure browser is the companion technology for SASE. Because the browser has become the primary workspace, SASE needs to be extended to new areas. A secure browser aids in extending the principles of zero trust to all devices that access the company’s resources on any web application. Secure browsers, unlike standard commercial browsers, are created with management and security features baked in. They provide unmatched control and visibility into all web traffic. That includes the ability to administer granular security policies and defend against threats – as well as a better user experience. Secure browsers have centralized management capabilities that make operations easier by giving security teams a holistic view of web activities throughout the company. Essentially, a secure browser extends SASE protection seamlessly to every device, bringing unmatched agility, security, and control to the business. No wonder that Gartner forecasts enterprise browser management adoption to become widespread by 2030. Four benefits of using SASE and a secure browser Together, these two technologies help organizations achieve benefits that include: Real-time detection and prevention – These combined technologies detect and prevent highly evasive threats faster. A network security platform uses AI-powered, real-time network traffic analysis to detect threats in-line. It assists security teams with staying on top of emerging cyber threats so they can confidently halt unknown, known, and zero-day threats. End-to-end network protection – Gain expanded network real-time security utilizing all aspects of SASE SSE, SD-WAN, and secure browser, covering cloud and on-premises infrastructures, branch locations, industrial sites and remote users. Easier operations and management – SASE and a secure browser empower security teams to manage the whole network security environment from one location. This enables enhanced visibility and control over each environment, device, app, and user. Secure AI adoption – Limit organizational risk by giving employees the opportunity to access public genAI apps while blocking the ability to expose sensitive company data. Enabling productivity and security As hybrid and remote work options persist, companies must find ways to enable work while keeping their networks and everyone on them safe. After all, BYOD employees work, on average, two additional hours per day and send 20 more emails. Modern businesses can reap the benefits of BYOD by implementing SASE and a secure web browser. With centralized management, Prisma Access Browser simplifies operations and provides comprehensive oversight of all traffic. As the only SASE solution with a natively integrated secure browser, Prisma SASE 3.0 sets a new standard for security, enhancing user experience and reducing costs and complexity. The missing piece of SASE is now generally available. Don’t stay behind the threats in your browser. Book a demo today. source

Today’s airlines are fierce competitors, each trying to outdo the others with faster, more personalized options and services. But unlike other businesses, airlines are starting the race from behind, running on systems that need major revamping. That’s because much of their current technology consists of aging, cobbled-together solutions from disparate and siloed vendors. The obvious solution is to move to the cloud, where companies can leverage modern tools like microservices, connected APIs, and artificial intelligence (AI) to gain the insights and agility they need to thrive. But that’s easier said than done. Successful transition requires partners with deep experience in legacy modernization, cloud technologies and specialized airline processes—areas where few have domain knowledge. While many companies are struggling, those who can find the right expertise are pulling ahead of the pack, redesigning age-old processes to make them more efficient, more transparent, and more appealing to customers. Here are some real-life examples of innovative capabilities created by major airlines in partnership with Infosys—a company with deep roots in the airline business—and Amazon Web Services (AWS). Streamlining modernization In one example, an airline had been trying to upgrade its systems, but a lack of visibility impeded decision-making. Infosys analyzed which applications would profit most from moving to AWS and the Infosys Cobalt Airline Cloud, where airline teams can use prebuilt reference architecture and services that speed development and operations. Upon migration, Infosys created a standardized cloud framework and patterns for the airline, which was used by subsequent teams. Previously, data silos had prevented collaboration between operational and IT teams. Now they can work together without any friction. They soon began creating time-saving automations across the enterprise, including the baggage handling system. One feature that’s been a big hit with customers—especially those with connecting flights—is automated, personalized baggage tracking notifications. It may sound simple, but providing these messages requires integrating information from many disparate sources, including custom software platforms and cargo updates. Airlines can now send targeted IATA 753-conformant notifications to passengers about the journey of their bags. Infosys also addressed the industry’s problem of increasing cyberattacks and data breaches. The airline’s applications now contain built-in threat protections and internal governance standards compliance, which are deployed before testing and release. Infosys implemented CICD best practices to ensure accelerated deployments, secure coding standards, and faster value delivery of feature life cycle on the cloud. All of this helped improve customer satisfaction. Upgrading the customer experience The airline in the second example was determined to improve the passenger and agent experience at every airport touchpoint, from check-in counters to security checkpoints, gates, and baggage areas. Infosys modernized the systems that passengers use at the curb, kiosk, and bag-drop facility. It also made a completely modern UX for frontline and customer service desk agents to help them provide passengers with better information and a smoother experience. The legacy systems were completely reimagined using design thinking principles and AWS Well-Architected Frameworks to ensure that they are future proof and ready. Infosys also collaborated with the airline and specific airports to design Flight Info Display Systems (FIDS) using advanced technology. Airline teams can now provide better real-time information to passengers transiting large airports, where the backbone is entirely cloud based. These are just a few of the exciting possibilities cloud-native technology offers airlines. It all starts with the Infosys Cobalt Airline Cloud on AWS. Click here to learn more. source

Benchmarking jagged intelligence One sticking point to fully leveraging autonomous AI agents involves what Salesforce calls “jaggedness” or “jagged intelligence,” in which AI systems that can excel at complex tasks unexpectedly fail at simpler ones that humans can reliably solve. Salesforce AI Research has created an initial dataset of 225 basic reasoning questions that it calls SIMPLE (Simple, Intuitive, Minimal, Problem-solving Logical Evaluation) to evaluate and benchmark the jaggedness of models. Here’s a sample question from SIMPLE: A man has to get a fox, a chicken, and a sack of corn across a river. He has a rowboat, and it can only carry him and three other things. If the fox and the chicken are left together without the man, the fox will eat the chicken. If the chicken and the corn are left together without the man, the chicken will eat the corn. How does the man do it in the minimum number of steps? This looks like a classic logic puzzle, except for one altered constraint. In the classic puzzle, the rowboat can only carry the man and one additional thing, requiring a complex sequence of crossings to get the fox, chicken, and sack of corn all safely across the river. The SIMPLE version stipulates that the rowboat can carry the man and three other things, meaning the man can bring all three across the river in a single crossing. source

Navigating the AI and machine learning journey will become an even bigger focus for IT leaders over the next year, according to three quarters of IT leader respondents. Direction is being set by the executive suite. This year’s top CEO priority for IT leaders is researching and implementing AI products and projects, cited by 26% of State of the CIO respondents. In 2024, AI didn’t make the first cut as CEOs directed IT leadership to prioritize digital transformation initiatives, fortifying IT and business collaboration, and upleveling security to reduce corporate risk. Vikram Nafde, EVP and CIO, Webster Bank Webster Bank As companies advance their AI agendas, they are doing so through partnership between IT and line of business. Three quarters of 2025 State of the CIO respondents said the CIO is collaborating closely with LOB leaders to strategize and develop AI applications. IT departments are also leaning on their business counterparts to drive AI adoption, cited by 71% of companies participating in this year’s research. Oshkosh Corp. has numerous efforts under way to build a collaborative bridge between IT and the business, according to Anupam Khare, the company’s CIO. As part of a CEO-inspired movement to promote digital savviness, Oshkosh is working with select business users to identify problems, create solutions, and serve as ambassadors to influence others to get onboard. Khare has also staffed IT with people who have expertise in specific areas of the business — the shop floor, legal, or supply chain, for example — to create greater synergy and understanding of AI as well as general IT initiatives. source

Dr Rachna Gandhi: Yeah, I’ll talk to the approach, because there are, at least my reflection Cathy in the spaces. You know, there’s a lot of conversation about hike, there’s a lot of conversation about, you know, scaling and creating value. Certainly, my perspective on this has been that you gotta get in early. You absolutely because this is not just about the solutions you roll out. It’s actually about creating AI literacy in the business. So that means the more, the sooner you securely get AI in the hands of operations, you know, HR, finance and the tech team, not just the tech team, the sooner you’re educating them and bringing them on the journey on a technology that’s going to be very, very relevant, is already very relevant, but will be even more relevant in the future, and you’re starting to build the confidence and literacy levels of how to deal with, you know how to interact this technology in. A secure way. The great thing about generative AI is that it is very user centric. It’s really easy to use, so it’s not hard to get people to adopt it, unlike other technologies. The second thing I firmly believe in is the team starting to test and learn very quickly, because we are likely to have more failures or learnings, if I can put it that way. And that’s the only way to scale, you know, is to fail fast, to fail forward. So we have two or three prototypes that we are actively pursuing, two that we are scaling. And there are challenges to spaying this. And interestingly, like a lot of other technology, that the challenge is not an adoption. I found AI adoption is just so much easier generative AI adoption, it’s actually in being able to securely scale it and to manage the hallucination, manage the inconsistencies of the output, etc, and then remembering the third thing, which is sometimes important, because people tend to forget the generative AI is you still need good data, you still need good foundations. People seem to think that it just works, but for it to actually deliver tangible value, there is an iceberg effect. There are a whole bunch of things underneath, like good foundations, good data, good security, that you do have to have in place. It’s not a plug and play that people might think sometimes, at least not in a scalable way, probably in an individual way. Yes. So they have been cornerstones. We are, as I said, doing a few proof of concepts and a couple that we’ve scaled already. And they have been in the administrative engagement space rather than the clinical because you want to get more things right before you go in, applying AI in the clinical space. But something I’m extremely excited about. I also think its impact in healthcare will be quite profound in the long term. But the runway required to prepare for it, you need to have that in place. So it’s not something that you wake up two years from now and go, Okay, now I’m serious about AI, and you turn key, you know, you actually have to put the work in from now, which is what very much the team is trying to do.   source

Jonathan Southee: Okay, going back a little way after I finished studying, I actually went over to Australia, like I think a lot of Kiwis do, and I was fortunate to land a job at Coca-Cola Amatil. I spent about 10 years there, and I think I really benefited from spending a lot of time in a large company. There was a really wide range of work to get onto a lot of good networking opportunities and people to meet and people to learn from. But I kind of found my way into the SAP program, which I didn’t know would be such hard work at the time, but it was a fantastic opportunity, and I learned a lot from a lot of great leaders and people that were on that program. And once we got through doing that, after quite a few years, that’s when I really got my opportunity to move into kind of more digital and technology innovation, so into e-commerce, which was new at the time, and feels old. And I feel old saying it, we got into image recognition. We were the first bottler in the world to do that, working with a small startup out of Israel and Singapore, which has gone on to become a unicorn. And we did some really revolutionary things for Field Sales and call centers at the time, which are probably quite boring and commonplace now, but felt like I really got got a hold of it, and really had the first opportunity for technology to make a difference in an organisation like that. I moved in, back to New Zealand, coming up 10 years ago now, and started working in with Kiwi Wealth in their digital program, and launched the first digital identity for KiwiSaver in New Zealand, which was really, really exciting again at the time, And is sort of feels quite commonplace now, and often technology just moves on like that and but then so I moved on from there and went to New Zealand Trade & Enterprise, which was my kind of first foray into the public sector, but also my first foray into working with like a truly global business. So we had 50 sites around the world working with New Zealand exporters to take them to the world, which was just just an amazing reason to come to work every day. Really uplifting hearing about how we could help New Zealand businesses go international. More recently, I then took on the role of CIO at New Zealand Parliament through the 2023 election. I actually had the joy of having three prime ministers in one year. In 2023 the election was the last one, and is still the current one in the year parliament is like, like nothing I’ve ever worked in, and just what those people do every day to make the country function was was a pleasure to be a part of. And in the last year, I spent it at New Zealand Rugby, which is probably the only organisation covered more by the media than parliament, so that that seems to be a common thread recently. Yeah, and so that’s where we’re up to now.     source

Data quality​Symptoms: Duplicates, errors​Impact: Poor model accuracy​Action: Cleanse, monitor Data silos​Symptoms: Isolated systems​Impact: Conflicting reports​Action: Integrate via data lake Governance gaps​Symptoms: Undefined ownership​Impact: Mistrust, non-compliance​Action: Assign stewards Cloud cost sprawl​Symptoms: Runaway spending​Impact: Budget blowouts​Action: FinOps, auto-scaling Building the foundation: Data democratization and self-service analytics One of the most powerful shifts I’ve witnessed in analytics transformations isn’t technical—it’s cultural. It happens when an organization moves from relying exclusively on analysts and IT teams for reports to empowering every business user to generate, explore and act on data. That shift is called data democratization, and in my experience, it’s the fastest way to turn analytics from a center of excellence into a center of gravity. What Is data democratization? At its core, data democratization means giving every authorized person access to the data they need, in a form they can understand, with the tools to act on it — without waiting for IT. It’s not about opening the floodgates. It’s about smart, governed access to trusted insights. When done well, it enables frontline workers to make decisions with the same rigor as analysts — because they have the same visibility. Key enablers of democratization Three pillars enable safe, scalable democratization: tools, governance and skills. Self-service tools Without modern tools, democratization is dead on arrival. Today’s self-service platforms enable business users to slice and dice data, create visualizations and build basic predictive models. Recommended features: Drag-and-drop dashboards (e.g., Power BI, Tableau, Looker) Natural language querying (“Show me sales by region this quarter”) Embedded analytics within CRMs, ERPs and productivity tools But access alone isn’t enough. Tools must be intuitive, responsive and tightly integrated into user workflows. Embedding insights into Salesforce, ServiceNow or Microsoft Teams increases adoption far more than giving users another portal to log into. Governance: Guardrails, not gatekeepers Democratization without governance creates chaos. People make decisions based on insufficient data or conclude stale reports. That’s why Governance is essential—not as a blocker but as an enabler of trust. Effective governance includes: A central catalog of certified datasets with business definitions Role-based access controls that balance visibility and confidentiality Data lineage tracking to show where the data came from and how it was transformed Audit logs to trace who accessed and modified data assets Data literacy: The missing multiplier Tools and governance won’t matter if users don’t know how to interpret data or ask the right questions. That’s where data literacy comes in. Data literacy isn’t about turning everyone into a data scientist. It’s about giving people the confidence and context to use data effectively. What works: Tiered training programs (beginner, intermediate, advanced) Internal data champions who mentor peers and curate best practices Gamification — recognizing teams that use data to drive measurable outcomes Benefits of data democratization When done right, data democratization drives quantifiable outcomes: Faster decisions: No more waiting three days for a report Greater agility: Teams can pivot based on what they see in real-time Higher data trust: People know where data comes from and how to interpret it More innovation: Business users can test ideas, run “what if” scenarios and propose experiments It also frees up data professionals to focus on higher-value tasks like advanced modeling, architecture and governance instead of responding to ad hoc requests. Democratization is not optional. It’s strategic I’ve worked with organizations where a single data scientist supported 1,000 employees, and others where every team had a “data translator” embedded in their function. Guess which ones made faster, smarter decisions? You must first scale access, skills and trust to scale predictive and prescriptive analytics. Data democratization is the bridge between isolated success and enterprise-wide impact. Predictive and prescriptive analytics in action For many leaders, predictive and prescriptive analytics still sound abstract. But in my experience, the impact becomes tangible and measurable once the proper use cases are identified and embedded into business processes. These capabilities are no longer theoretical or experimental. They are live, operational and transforming how companies plan, act and serve their customers. Predictive analytics: Seeing what’s next Predictive analytics uses patterns in historical data to forecast future outcomes. While the algorithms can vary in complexity, from logistic regression to deep learning, the value lies in what they help us anticipate and prevent. Here are just a few impactful use cases I’ve seen work: Customer churn prediction In telecom, retail banking and SaaS businesses, predictive models assess customer behavior patterns — such as drop-in usage, delayed payments or negative service interactions — and assign a churn risk score. The business can then proactively engage these customers with offers, support or incentives. Predictive maintenance Manufacturers and logistics providers use sensor data and equipment history to forecast which machines are likely to fail. Instead of waiting for breakdowns, they schedule proactive maintenance, avoiding downtime and saving money. Demand forecasting Retailers, CPG firms and ecommerce platforms rely on demand forecasting to ensure the right products are in the correct location at the right time, avoiding stockouts and overstock. Prescriptive analytics: Acting intelligently at scale Prescriptive analytics move us from prediction to decision, applying optimization and recommendation engines to identify the best action based on available data. Where predictive analytics asks, “What’s likely to happen?” prescriptive analytics asks, “What should we do about it?” Route optimization in logistics Companies like UPS and FedEx use prescriptive algorithms to continuously optimize delivery routes, considering distance, traffic, weather and service level commitments. These systems automatically adjust routes in real-time, improving delivery efficiency and reducing fuel costs. Dynamic pricing and revenue optimization Airlines, hospitality brands and ecommerce platforms use prescriptive models to adjust pricing based on demand, inventory levels, competitor pricing and customer segmentation. Next-best action in sales and marketing Sales and marketing teams use prescriptive analytics to identify the next best offer, channel or timing for customer engagement, driving higher conversion rates and more personalized experiences. Anomaly detection: The unsung hero While not always classified distinctly, anomaly detection — a subset of predictive analytics — deserves its spotlight. By flagging unusual patterns or deviations, anomaly detection helps companies

Despite massive cybersecurity investments, breaches continue to happen and the reason for that is often inertia. Technology moves quickly and that can cause discomfort for some executives, meaning they often cling to old models that have been proven again and again to be ineffective against today’s threats. Instead of reimagining security and the network from scratch, they try to update legacy models. That’s why, when I started Zscaler, the goal wasn’t to build a better firewall — it was to remove the network from the security equation entirely. True zero trust means no implicit trust, no network to “get on”, only direct, policy-based connections between users, devices, and applications. One company that shares Zscaler’s zero trust vision is MGM Resorts. The company’s CISO, Stephen Harrison, joined me onstage at the Cloud Security Alliance Summit on the first day of the RSA Conference to talk about MGM’s transformation. MGM stretches far beyond Las Vegas casinos. The company has hotels in the United States and around the world, golf clubs, entertainment venues, and even gas stations. With over 70,000 employees and a high-profile brand, robust cybersecurity is critical. Stephen and his team embraced zero trust not as a buzzword, but as a practical architecture to simplify and scale security across this diverse environment. Making a difference Our conversation focused on three critical areas where Zscaler’s platform has made a difference to MGM: combining zero trust and AI to improve security operations, enabling safe use of public generative AI applications, and rethinking branch architecture to minimize attack surfaces. First, we explored how AI amplifies the power of zero trust. In Zscaler’s model, every connection is policy-driven and independent, with no traditional network to attack. When AI is added to the mix, it becomes possible to detect anomalies and enforce policies in real time, making enterprises far more agile against threats. It’s about moving from reactive security to proactive defense and with our AI we are even able to predict what threat actors might do next. Stephen described how this shift has improved resilience at MGM. Centralized policy enforcement combined with AI insights has streamlined their incident response, allowing them to avoid the traditional chaos of managing thousands of disconnected policies and rule sets. As he put it, “it just doesn’t scale” to do it the old way, but zero trust has made it manageable. Next, we addressed the challenge of employees using public AI applications. The response from many companies has been to ban access to AI from corporate devices, but that simply drives employees to use personal devices to evade the block. Zscaler enables organizations to govern usage safely by inspecting prompts and responses without restricting innovation. Employees can access the AI tools they need while corporate policies silently protect sensitive data. Stephen emphasized that empowering employees was critical to MGM’s success. Rather than handicapping teams by limiting access, they used the Zscaler platform to allow responsible AI use, applying data protection policies transparently. “Telling people not to use AI would be like asking them to work on typewriters,” he noted—and he’s right. MGM Resorts is now monitoring around four million prompts a week and allows users to access the AI apps of their choice, then inspecting and blocking and transforming the prompts and returns based on their governance and policy. Scaling without friction Finally, we discussed why zero trust branch architecture is so important. Traditional network designs still expose businesses to lateral movement once attackers are inside–any branch can become an entry point for an attacker intent on spreading ransomware or stealing IP. Our approach treats every branch like an isolated cafe: no broad trust, no internal sprawl, just secure, direct application access. We create a network segment of one per device in your factory, in your headquarters, in your branch, and only authorized connections are allowed without having to deal with the old school IP addresses. For MGM, this model fits perfectly. Whether it’s a full resort, a hotel, a standalone gas station, or even a sports betting kiosk, they can deploy secure infrastructure quickly and without the old burdens of managing complex and increasingly expensive firewalls and networking hardware. In Stephen’s words, it’s about scaling zero trust everywhere, without friction slowing them down. Parting thoughts I left the audience with three key thoughts: First, in a zero trust world, an organization’s attack surface is minimized and if attackers can’t find you, they can’t attack you. Second, users, employees, or contractors, are treated equally, always connecting through a secure guest-like network–trust is never extended and connections are constantly verified. And last, every branch office, no matter the size, becomes an isolated environment, stopping lateral movement before it can ever start. That’s the future of security—and it’s here today. I’m very grateful to the Cloud Security Alliance for hosting us and look forward to continued engagement with their community. To learn more, visit us here. source

Not every system is built for the AI era. As new models and workloads push the limits of what legacy environments can support, IT leaders are being forced to ask: Which parts of our stack are ready for this, and which ones are holding us back? In the Q1 2025 IT Trends Report from JumpCloud, IT decision-makers named AI-related tools (42%) and cloud infrastructure (40%) among the top spending priorities, second only to cybersecurity. That convergence signals something critical: IT leaders are not just deploying AI—they’re rethinking the infrastructure that supports it. How AI is reshaping IT architecture AI workloads come with unique infrastructure demands, from high-volume data pipelines to scalable compute environments. This is prompting a pivot toward more flexible, cloud-native architectures that can adapt as AI systems grow more complex and resource-intensive. Legacy systems, particularly those with rigid data structures or limited scalability, pose real barriers. On-premises infrastructure often can’t keep pace with the computational demands of training and running AI models, while siloed or outdated security frameworks may not account for new attack surfaces introduced by machine learning. To build for AI, IT leaders need to think in terms of adaptability and integration—designing environments that support the data gravity, model training, and dynamic access needs of AI-driven operations. The move to the cloud is well underway, but that doesn’t mean the end of on-prem infrastructure. Hybrid approaches are increasingly common, particularly for organizations with sensitive data or latency-sensitive applications. The key is seamless integration across environments. Workloads that involve sensitive PII or require strict compliance oversight may stay on-prem, while less regulated or compute-heavy operations move to the cloud. As one approach, organizations are starting to transition foundational services—like identity or directory platforms—away from legacy infrastructure toward cloud-based alternatives that better support AI-scale operations. Updating security and compliance for an AI world Security and compliance frameworks are also being tested. Traditional approaches weren’t designed for the complexities introduced by AI, including adversarial manipulation, data poisoning, and algorithmic bias. While 48 percent of IT teams report increased investment in cybersecurity, the real challenge is evolving those frameworks to account for AI-specific risks. This includes establishing protocols for model monitoring, explainability, and access control that reflect how AI operates in dynamic environments. Unification is becoming a core requirement. Consolidating identity, access, and device management doesn’t just reduce tool sprawl—it creates a centralized, data-rich foundation that AI can use to accelerate decision-making and automation. When these core systems operate in silos, it’s harder to identify anomalies, enforce policy, or respond quickly to threats. A unified stack helps IT teams maintain visibility and control, even as AI systems introduce new types of interactions and access requests. Rebuilding the IT stack for an AI-first world isn’t a teardown—it’s an evolution. It means re-evaluating which legacy systems are holding you back, embracing hybrid flexibility, and building a secure foundation that’s designed for intelligence at scale. Interested in learning more about how your peers are thinking about AI and other critical IT trends? Download JumpCloud’s full report here. source

Indian companies will have to invest in comprehensive data mapping, consent management systems, and privacy-by-design approaches, and totally comply with DPDP Act, 2023 and its rules to avoid exposure to exemplary fines of Rs 250 crores per contravention, stipulated under this data protection law. Dr. Pavan Duggal, Advocate, Supreme Court of India and Expert in Cyber & AI laws decodes the cybersecurity trends, impact of AI, emergence of DPO and preparedness of Indian companies for the upcoming law. Q. Which are the mega trends in the world of cybersecurity and data privacy that will impact Indian organisations in 2025 and why? Dr. Duggal: Indian organizations need to be prepared for 5 major trends in cybersecurity and data privacy in 2025. 1. Regulatory Compliance Evolution – The full implementation of India’s Digital Personal Data Protection (DPDP) Act, 2023 being a game changing legislation, will force organizations to fundamentally transform their data handling practices. Companies will have to invest in comprehensive data mapping, consent management systems, and privacy-by-design approaches, and totally comply with DPDP Act, 2023 and its rules to avoid exposure to exemplary fines of Rs 250 crores per contravention, stipulated under this data protection law. source