CIO CIO

In CIO’s 2024 Security Priorities study, 40% of tech leaders said one of their key priorities is strengthening the protection of confidential data. Cohesive, structured data is the fodder for sophisticated mathematical models that generates insights and recommendations for organizations to take decisions across the board, from operations to market trends. But with big data comes big responsibility, and in a digital-centric world, data is coveted by many players. Protecting data from bad actors In an era where cyber threats are increasingly sophisticated, organizations must adopt a proactive security strategy to safeguard sensitive data. Kapil Madaan, CISO and DPO, Max Healthcare says, “A comprehensive Data Protection Framework ensures resilience against breaches by integrating encryption, strict access controls, and advanced threat detection technologies. A Multi-Layered Security Strategy and ML algorithms enhance protection by utilizing AI-driven threat detection to monitor network anomalies and identify potential risks in real time.” Kiran Belsekar, Executive VP – CISO and IT Governance, Bandhan Life reveals that ensuring protection and encryption of user data involves defence in depth with multiple layers of security. “Using Zero Trust Architecture (ZTA), we rely on continuous authentication, least privilege access, and micro-segmentation to limit data exposure.” He also stands by DLP protocol, which monitors and restricts unauthorized data transfers, and prevents accidental exposure via email, cloud storage, or USB devices. source

Collin Penman: I think they’re slowly maturing, I would use the word, but I’ll take a step back, because I think AI affects companies in a couple of different ways. We see AI coming through the supply chain. A lot of the products that we actually using, from a supply chain point of view now has AI actually embedded within those products that we’re consuming that may be utilizing the data internally to learn and teach those products as an example. So supply chain, I certainly see the requirement to not only include AI questionnaires as part of that supply chain risk point of view. We’re starting to see itused internally, obviously, to build out the business value from applications point of view, really reduce, you know, a lot of the manual tasks, repetitive tasks internally, but actually to to really start to engage customers and our internal staff around what we can do better around the applications that we have. And then two things, one is the defence from AI based security attacks. So starting to look at how AI helps us from a cybersecurity point of view, and then the way that we see, and a lot of discussion, is around AI utilized within cybersecurity from threat actors. And we’re really starting to see that, not only from phishing emails. Previously, you would have seen a phishing email that was poorly worded or all the English wasn’t spectacular, it’s very, very now targeted to the individuals using AI. So those are the frameworks of what we’re starting to see. But I think back to your question around how CIOs really rethink –  I think they really need to think about their security posture, the landscape that they’re operating in, from a market point of view, adopt AI as part of that defense mechanism, but the other thing is to upskill and educate the internal teams about the use of AI internally with external AI providers. And what does it mean from a development point of view as well? Yeah, that’s interesting. The third-party risk as well. And it look, it sounds like a lot of organisations think they’re more secure than they actually are. So what are some of those common blind spots that leave them exposed? You know, even when they think they’re covered? I think, I mean, certainly our index showed that there was a gap between where the leadership of organisations were versus the actual employees. And the employees –  their awareness and the education training on the use of AI is certainly not there. And I think that’s, I know where, that’s where our focus is even within Datacom is is not to stand up a separate artificial intelligence, but how do we actually bring that into the current organisation processes, not only from a change management point of view, but from a governance and security and even a cyber awareness training so that we actually now incorporate AI training. And what does it mean to specifically the service desk from a deep fakes point of view or from a fishing point of view? What do we have from a AI around phishing for our finance teams? And what do we look for around that? So really, it’s to make sure that the development and the ecosystem around AI is is secure, to educate and up skill the teams, but it’s also around doing the right hygiene things, you know, patching, making sure we have early detection and continuous monitoring around some of the tooling. And I know a lot of companies are moving towards a zero trust framework around multi-factor authentication and access to applications, and certainly that’s where AI also adds a lot of value.   source

VMware Cloud Foundation on Google Cloud VMware Engine (GCVE) is now generally available, and there has never been a better time to move your VMware workloads to Google Cloud, so you can bring down your costs and benefit from a modern cloud experience. In partnership with Broadcom, we’re pleased to announce: Support for VMware Cloud Foundation (VCF) is now available with ~20% lower commitment pricing License portability entitlement support for VCF will allow you to preserve your VMware investments by flexibly porting your on-premises VCF licenses to GCVE. This will enable you to get a VE1 node that supports portability at up to a 35% lower price1 on a three-year prepaid commitment, compared to previous pricing which included VMware licenses. Multiple new GCVE node types to cost-effectively align with your workload requirements. Commercial incentives up to 40% of GCVE first-year spend as additional migration and consumption incentives, along with no-fee proof of concepts and trials Convertible commitments supporting movement mid-term between different GCVE node types and other compute platforms like Compute Engine and Google Kubernetes Engine (GKE). Customers are already benefiting from VCF licensing support in GCVE. “Google has helped us navigate the VMware licensing changes every step of the way,” said Everett Chesley, Director of IT Infrastructure at Granite Telecommunications. “We are excited about the future with Google Cloud VMware Engine providing us a fast path to transform our VMware workloads in Google Cloud.” Let’s take a look at these announcements in greater depth. Support for VMware Cloud Foundation In partnership with Broadcom, GCVE now fully supports VMware Cloud Foundation. VCF is a comprehensive platform that integrates VMware’s compute, storage, and network virtualization capabilities with its management and application infrastructure capabilities. In addition to the cloud infrastructure components — such as vSphere, vSAN, NSX and HCX that already existed in GCVE — VCF includes many new capabilities providing comprehensive monitoring, analytics, and insights to optimize application performance and resource utilization, resulting in improved application health, enhanced performance, and efficient capacity management. VMware Cloud Foundation license portability We often hear from customers looking to bring the value of their existing or future VMware Cloud Foundation license investments to Google Cloud. In collaboration with Broadcom, we are pleased to support VCF license portability entitlement in GCVE. Simply put, with GCVE commitment types that support portability, you only pay Google for the VMware Engine service and infrastructure and can apply previously purchased VCF licenses. By bringing your own VCF subscriptions to GCVE, you can avoid the cost of purchasing new licenses, resulting in potential savings. For example, compared to previous pricing that included VMware licenses, you will be able to get a VE1 node that supports portability at up to a 35% lower price on a three-year prepaid commitment. Google Cloud is the first cloud provider to offer a distinct VCF-integrated solution that supports VCF license portability. With Google Cloud, you can maximize the value of your VMware investments while benefiting from the scalability, security, and innovation of Google’s infrastructure. Increased choice of node types We’re excited to introduce our ve2-mega shape family which comes with 51.2 TB raw data storage (~2.7X compared to ve1) in addition to 3.2TB of cache capacity. We are now offering two new hyperconverged node types in the family: ve2-mega-96, with 96 hyperthreads (~1.3X compared to ve1-standard-72). ve2-mega-128, with 128 hyperthreads (~1.7X compared to ve1-standard-72). We’re also now offering ve2-standard-96, with 48 cores/96 hyperthreaded cores. The ve2-standard shapes come with 25.6 TB raw data storage. For workloads with high storage needs, there are two new storage-only node types: ve2-standard-so with 25.6 TB raw data storage, and v22-mega-so with 51.2 TB raw data storage. GCVE storage-only node types come with the same NVMe storage offered in our hyperconverged node types but are offered at lower price points. New cost savings with commitments GCVE now offers enhanced discounting for its VE1 and VE2 license-included node platforms with new one- and three-year term commitments: VE1 nodes: 22% lower rates compared to previous pricing2 VE2 nodes: 37% discount for one-year prepaid commitments (previously 30% for VE1) and 55% discount for three-year prepaid commitments (previously 50% for VE1) These changes result in substantial savings, For example, for ve1-standard-72, a three-year prepaid commitment in Iowa is priced at $3.60/hour compared to $5.17/hour for Azure’s AV36P three-year reserved instance in the “Central US” location (~30% savings).3 Significant incentives to reduce TCO Customers evaluating GCVE as a destination for their VMware workloads want a significant reduction in financial and technical friction. To that end, we offer: No-fee assessments and POCs for customers, delivered by our partners and funded by Google Cloud For new customers entering a Google Cloud Enterprise Agreement or Flex Agreement: Migration services incentives: up to 25% of incremental year-one net spend to support migration services. A number of partners are certified to deliver migration services. Incremental consumption incentives: up to 15% in additional credits for incremental net consumption of GCVE in year one, reducing TCO for customers as they migrate their VMware workloads. Convertible commitments As customers bring their workloads to GCVE, they often evolve their workload architectures to take advantage of various options available in Google Cloud. However, so far, they were unable to reuse their existing GCVE commitments for such use cases. To support this flexibility, we offer convertible three-year GCVE commitments that, for an additional cost, will allow you to convert part of your commitments to other services such as Compute Engine or GKE, or other options in GCVE. For example: You can extend VMware environments using dynamically scaling web-facing servers on Compute Engine or GKE. With the flexible VE2 node platform in GCVE, you can move between different GCVE node types, thus optimizing resource utilization by matching workloads to the most suitable infrastructure as your architecture evolves. Please stay tuned for more and be sure to bookmark the GCVE release notes for updates. You can also learn even more at our Google Cloud VMware Engine website, and if you’re looking to explore what a migration might look

Cloud computing has been a major force in enterprise technology for two decades. But according to a Barclays report issued last year, only 42% of workloads reside in the public cloud, despite the benefits of running workloads in the cloud. Moving workloads to the cloud can enable enterprises to decommission hardware to reduce maintenance, management, and capital expenses. Cloud-based workloads can burst as needed, because IT can easily add more compute and storage capacity on-demand to handle spikes in usage, such as during tax season for an accounting firm or on Black Friday for an e-commerce site. Applications can be connected to powerful artificial intelligence (AI) and analytics cloud services, and, in some cases, putting workloads in the cloud moves them closer to the data they need in order to run, improving performance. Historic challenges of cloud migration With all these benefits, why are most workloads still living outside of the cloud? Migration has posed significant challenges, including the perceived need to refactor applications for the cloud, for IT teams. Refactoring is an expensive, time-consuming task that carries risk, especially for key revenue-generating applications. “We are in constant tension between revenue and modernization, and every time revenue wins,” says an IT executive at a large enterprise. Operational readiness is another factor. Enterprise IT has made heavy investments in on-premises management tools and employee training, so it is able to use them effectively. Retraining admins on new tools to manage cloud environments requires time and money. There are also application dependencies to consider. No application is an island; each relies on a complex web of interconnected apps and resources, which must be remapped to the cloud environment. A simpler solution Broadcom and Google Cloud are collaborating to enable enterprise IT to nondisruptively extend their on-prem environments to the cloud and easily run workloads in Google Cloud VMware Engine — without having to make any changes to the architecture. There’s no downtime, and all networking and dependencies are retained. Admins don’t need to retrain; they can use the same tools they use for their on-premises infrastructure to manage virtual machines (VMs) in Google Cloud. The partnership also enables VMware license portability between on-prem and Google Cloud environments, providing the enterprise with significant flexibility to move VMs wherever they’re needed. There are many compelling use cases for running VMs in Google Cloud VMware Engine, including: Data center extension. Retain workloads in the data center, and leverage the cloud to manage bursts when more capacity is needed. Refresh cycle. If it’s time to replace older hardware, IT can migrate workloads to Google Cloud VMware Engine instead of buying new equipment. Relocating workloads. If a colocation facility is shutting down, IT can migrate effortlessly to Google Cloud instead of moving to another physical location. Disaster recovery. Instead of fully mirroring the data center in another physical location, IT can stand up a fractional environment in Google Cloud VMware Engine, where the network is already configured and storage is replicated. In the event of a disaster, IT can scale up on demand, which means that the enterprise doesn’t need to pay for the resources required for the full environment until they are needed. Enhancing applications. With your apps in Google Cloud VMware Engine, leverage private high-bandwidth, low-latency access to Google Cloud services such as AI and analytics to deliver new innovative services and extract meaningful insights from your data. “With this partnership, enterprises can easily and without disruption move their virtualized applications to Google Cloud and operations don’t have to change at all,” says Marcos Hernandez, platform engineering lead at Google Cloud. “Migration could even be the start of a multistep approach to keep evolving those applications into higher compute abstractions. But for many customers, simply migrating gives them all the benefits they need.” Find out how easy it is to extend from on-prem to the cloud and migrate your workloads to Google Cloud VMware Engine. More information can be found by clicking here. source

“What we’re seeing isn’t a plateau in demand, but rather an evolution in what makes a developer valuable,” he says. “The most successful developers today combine technical prowess with business understanding, communication skills, and adaptability to changing technologies.” Meanwhile, the soft hiring market for developers isn’t likely to last, some hiring experts say. Even as AI automates repetitive coding tasks, developer who specialize in system-level optimization, AI-driven infrastructure, and security will be “indispensable,” says TalentNeuron’s Thomasian. “Developers will evolve their skillsets to meet market needs, focusing on areas where AI is a partner in workflows than a straight swap-out replacement,” she adds. “The future of software development isn’t about eliminating jobs — it’s about shifting expertise to where it creates the most strategic advantage with human and AI skills matching up.” source

Broadcom and Google Cloud’s continued commitment to solving our customers’ most pressing challenges stems from our joint goal to enable every organization’s ability to digitally transform through data-powered innovation with the highly secure and cyber-resilient infrastructure, platform, industry solutions and expertise. With our longstanding technology and go-to-market partnership, we are yet again innovating to deliver value in the space of cyber and disaster recovery. Cyber resilience has become a top-of-mind priority for our customers, as the data shows that it presents a challenge most today are ill-equipped to address. For example, 59% of organizations were hit by ransomware in 2023 and 70% of them suffered data encryption.1 Enabling true cyber resilience requires a layered approach that spans across infrastructure hardening, strong distributed lateral security and confident cyber recovery—all of which are uniquely enabled by the VMware Cloud Foundation platform. An area where most organizations struggle today is their ability to restore operations after a cyber event. It presents unique challenges, including the need to select recovery point candidates, validate them in a secure environment before restore, set up this environment, and prevent reinfection. To achieve this, the vast majority of organizations report having to use up to five solutions across each of the following categories to enable cyber recovery: backup, cloud infrastructure, networking, disaster recovery as-a-service (DRaaS), and extended detection and response.2 The inevitable outcomes are that they are vulnerable to attacks due to a scattered approach to cyber resilience, and their confidence in recovery remains low even after they’ve been hit and have implemented remediation measures. VMware Live Recovery was engineered to solve these challenges. It delivers cyber and disaster recovery for VMware Cloud Foundation infrastructure under a unified management experience. It enables confident, secure cyber recovery through a dedicated, step-by-step workflow that integrates guided restore point selection, safe validation of recovery points in an isolated recovery environment (IRE) with live behavioral analysis, network isolation to prevent reinfection, and recovery orchestration at enterprise scale. Broadcom’s mission is to enable customers to recover from anything, anywhere, and we are delivering on this promise. At Explore Las Vegas last year, we announced that customers will be able to leverage an on-premises IRE for cyber recovery, which brings significant benefits to organizations that need to preserve data sovereignty or that have to abide by strict privacy and locality requirements. In addition, we have announced plans to enhance VMware Live Recovery support for Google Cloud VMware Engine (GCVE) as a cyber and disaster recovery (DR) site, for both on-premises and GCVE environments. This builds on VMware Live Recovery’s existing protection of GCVE sites as a source and enables a consistent deployment topology for on-premises and cloud environments for their cyber resilience and DR needs. “VMware Live Recovery support for Google Cloud empowers customers with more choices for their cyber and disaster recovery strategies,” said Manoj Sharma, Director of Product Management, Google Cloud. “This solution will enable just-in-time recovery by leveraging the elasticity of Google Cloud and delivers protection against increasingly sophisticated cyberattacks. This is a testament to our deep engineering commitment to solving complex customer challenges and lays a foundation for more innovation to come.“VMware Live Recovery on GCVE enables customers to benefit from a consistent VMware experience, with the elasticity and scalability of the cloud. GCVE supports the full VMware Cloud Foundation platform on enterprise-grade infrastructure, with unique capabilities such as: Four 9s of uptime service level agreement in a single zone Flexible node families with eight node shapes for better capacity shaping 100 Gbps of east-west networking Native virtual private cloud integration Combined with the power of VMware Cloud Foundation, the service enables customers to deploy flexible technology infrastructure that helps them innovate faster and work better together. These innovations offer important choices for customers to solve their modern cyber and disaster recovery needs in the face of an ever-changing threat landscape. Together, VMware/Broadcom and Google continue to design, develop, and deliver cutting-edge technology to solve our customers’ most pressing problems. 1Sophos State of Ransomware 20242Forrester Opportunity Snapshot: Organizations Are Missing Critical Ransomware Recovery Capabilities, July 2024 About the author:Belu de Arbelaiz is the Sr. Product Line Marketing Manager for VMware’s Data Protection as a Service portfolio, in charge of VMware Cloud Disaster Recovery. source

Now, back to my boss’s request—he’s heading into a board meeting and wants a summary of unauthorized data breaches from 2018 and 2021. I just joined the company and don’t have the historical context; it’s all locked in people’s heads or archives. So, I ingested the archives Cohesity had already backed up, indexed it, and asked: “Can you summarize the differences between the unauthorized data breaches in 2018 and 2021?” For this demo, I’m anonymizing company names because it’s real data. The system takes my text question, semantically compares it against 10,000 PDFs, extracts relevant snippets, packages them in a prompt, and sends them to a large language model. The LLM uses that context to generate an answer—with good detail on both events and general observations. Because it’s using internal data, I also get resource links and citations—so I can download the source and add it to the board meeting materials. Keith: That’s great for explainability—so the AI isn’t just guessing. Greg: Exactly. You get a much more robust and trustworthy result because you’re using your internal data as the source of truth. This isn’t something you’d want to do with a public ChatGPT-type tool—this is proprietary data. Keith: Right. Greg: What we’re doing here sits between full model fine-tuning and simple querying. Instead of training a model on all your data, we pull relevant content at the time of inference—like handing an artificial researcher a stack of topic-specific papers and asking a question. source

“In fact, CIOs often confuse risk management with compliance or cybersecurity, yet risk is much broader,” she says, advising IT leaders designate an enterprise risk officer who can serve as the CIO’s best ally, helping to navigate risks, accelerate strategic initiatives, and provide guidance on where caution is needed versus where speed is possible. Risk management is among the most misunderstood yet valuable aspects of leadership, Saibene observes. When CIOs embrace risk frameworks, they can proactively identify IT-related risks, propose mitigation strategies, and collaborate effectively with risk officers. “This not only strengthens executive buy-in, but also accelerates progress,” she explains. Rule 2: Inventory applications The most critical risk management rule for any CIO is maintaining a comprehensive, continuously updated inventory of the organization’s entire application portfolio, proactively identifying and mitigating security risks before they can materialize, advises Howard Grimes, CEO of the Cybersecurity Manufacturing Innovation Institute, a network of US research institutes focusing on developing manufacturing technologies through public-private partnerships. source

These education platforms essentially serve as testing grounds for more responsible AI implementation models that could transfer to enterprise settings. The Socratic questioning in Anthropic’s Learning Mode and OpenAI’s focus on deeper engagement suggest a fundamental shift in AI design philosophy, from tools that provide answers to tools that enhance human capabilities. “To counter cognitive atrophy, organizations must design for active engagement: Teams should be encouraged to interrogate AI outputs, not just accept them. Think ‘copilot,’ not ‘autopilot,’“ Sengar said. He suggested that businesses adopt techniques inspired by AI-driven education models. These include Socratic prompting that encourages critical thinking, progressive disclosure of information rather than immediate answers, and requiring decision rationales to ensure human judgment remains sharp. Each of these approaches mirrors what’s being pioneered in educational settings but with adaptation for workplace contexts where preserving institutional knowledge is particularly crucial. source

For those that attended VMware Explore in Las Vegas and Barcelona, there was a new self-paced hands-on lab released exclusively for the attendees to experience Google Cloud VMware Engine while at the events. I am happy to announce that this lab has now been made publicly available through the VMware Lab Platform website for anyone to enroll and try. I thought it may be worth taking a moment to briefly discuss the new modules and content as well as provide you a direct link to access it easily. Hands-on lab summary Since last year, there have been many interface changes and product enhancements that have changed the look and feel of Google Cloud VMware Engine. These refreshed modules capture the latest changes and features, and even let you experience some of the adjacent services. The lab modules start with deploying your first private cloud, as well as configuring the initial VMware Engine networking. The follow-on modules walk you through everything from using Terraform, to migrating workloads with HCX, to external storage options, configuring backup, and using other Google Cloud services. Figure 1: The Google Cloud VMware Engine hands-on lab landing page Takeaway All-in-all, there is a lot here to give you a taste of what using Google Cloud VMware Engine has to offer. Best of all, the lab modules are formatted into reasonable time chunks, usually 30 minutes or less, so that they can be done at your convenience. About the author:Darin Schmitz is a Senior Technical Marketing Architect in the VMware Cloud Foundation division at Broadcom focused on Google Cloud VMware Engine. Prior to Broadcom, he worked across multiple disciplines in the information technology industry, most notably within enterprise storage, cloud computing, and even as a systems administrator for some of the nation’s largest private sector and government organizations. source