CIO CIO

“With CPQ more seamlessly embedded into the sales and order management capabilities, sellers can increase productivity by exponentially reducing time towards building sales quotes and recording opportunities in the system. But also, as the system learns, it can also recommend the right products and services to add to a particular deal or help in generating cross-sell and upsell revenue potential,” said Martin Schneider, vice president and principal analyst at Constellation Research. “Logik.ai users who do not have ServiceNow can definitely add more self-service capabilities to drive more frictionless commerce inside their business and provide more seamless customer experience.” As for how these CRM capabilities tie into ServiceNow’s service management capabilities, Schneider said the company’s approach to agentic AI and workflow will further automate the CPQ process and bring in more data sources to provide recommendations and configurations. The acquisition will take advantage of other synergies amongst the CRM and service management products as well, he said. “Service management, whether it is internal helpdesk or external call-center or support center, is inside the ‘CRM lifecycle’ of marketing, sales, customer support/experience. ServiceNow is simply building out a full suite of CRM offerings. And given their exceptional core workflow, these are going to be compelling, again, when you consider ServiceNow’s investment in agentic and generative AI capabilities,” Schneider explained. source

Azure Network Engineer Associate This certification validates your prowess to deploy networking solutions by using the Azure portal and other methods such as PowerShell, Azure Command-Line Interface, and Azure Resources Manager templates. It also demonstrates your aptitude to work with solution architects, security engineers, cloud administrators, and DevOps engineers to deliver Azure solutions. The exam measures thorough expertise in planning, implementing, and maintaining Azure networking solutions comprising connectivity, routing, hybrid networking, security, and private access to Azure services. Job role: Network engineer Required exam: Designing and Implementing Microsoft Azure Networking Solutions Azure Security Engineer Associate This certification focuses on your expertise in implementing Azure Security Controls that secure identity, access, data, applications, and networks in cloud and hybrid environments. It proves your ability to execute responsibilities such as managing the security posture of the organization, responding to security incident escalation, conducting threat modeling, identifying and neutralizing detected flaws, and implementing threat protection. To earn this certification, you need moderate to robust knowledge of most Azure offerings and an understanding of basic IT security principals. This exam tests your knowledge in four different subject areas: managing identity and access; implementing platform protection; managing security operations; and securing data and application. Job role: Security engineer Required exam: Microsoft Azure Security Technologies Azure Solutions Architect Expert The certification validates your subject matter expertise in designing cloud and hybrid solutions on Azure, including network, compute, monitoring, storage, and security. It requires advanced experience and deep knowledge of IT operations comprising networking, governance, disaster recovery, data platforms, virtualization, business continuity, identity, and security. To earn it, you must have Azure Administrator Associate certification (see above), which tests your skills to implement, monitor, and manage an organization’s Microsoft Azure environment. Job role: Solution architect Required exam: Designing Microsoft Azure Infrastructure Solutions source

Since AI technologies are developing rapidly, continuous training is important. Online courses, boot camps and certificates (such as AWS Machine Learning Specialty or Microsoft Certified: Azure AI Engineer Associate) as well as workshops and conferences. However, the most important thing for gaining experience is to work on AI projects in a real-world setting. Above all, a good AI consultant is willing to learn. Technologies, frameworks and standards change quickly – if you want to be in the game for the long haul, you have to stay on top of things. An AI consultant’s most important skills The most important skills of AI consultants are, accordingly, programming, data analysis and mathematics/statistics. Mastering programming languages such as Python is a great advantage, as is a sound knowledge of data (databases) and general software development. Above all, however, it is important to understand how to handle data and algorithms. Equally important as the “hard skills,” however, are the “soft skills.” These include: source

The modern workplace is undergoing the most transformative era since the dawn of the internet, with AI PCs emerging as a driving force in redefining productivity, security, and enterprise IT management. Unlike previous hardware refresh cycles, AI PCs represent a foundational shift in how businesses operate—leveraging AI to create smarter, more efficient, and agile organization. According to a recent IDC survey, AI PC adoption is surging, with 82% of ITDMs surveyed expected to acquire AI PCs before the end of 2025. This rapid adoption underscores a growing recognition: AI PCs are not just an upgrade—they are a necessity for businesses looking to stay competitive in an AI-driven world. Today, ITDMs have an enormous opportunity in front of them. As they evaluate their strategic roadmaps, ITDMs must consider how AI PCs fit into their strategies to ensure their organizations are prepared for the next wave of workplace evolution. A balancing act: Cloud and local AI adoption AI PCs are reshaping how businesses approach AI workloads, offering a compelling alternative to cloud-based computing. The cloud remains the go-to for many AI applications due to its unmatched scale and processing power. However, with dedicated NPUs and high-performance CPUs and GPUs, AI PCs are proving to be a competitive force in enterprise computing, delivering strong AI performance for business tasks while maintaining energy efficiency. By executing AI workloads locally, AI PCs help organizations reduce latency, optimize performance, and enhance privacy, making them a viable complement—or even an alternative—to cloud-based applications. This shift enables businesses to empower employees with real-time AI-driven assistance, including automated content generation, advanced data analysis, and workflow optimization, without relying solely on cloud computing. By striking a balance between cloud and local AI, businesses can ensure optimal performance while maintaining control over sensitive data, fostering a more secure, efficient, and productive work environment. source

At the Tanzu Division of Broadcom, we focus on how our customers can get the most out of cloud native environments while protecting against the slew of new vulnerabilities and attacks targeting their critical business apps. As important as prevention is, reducing the time it takes to recover from a breach or other issues is just as critical, if not more. This is particularly important for our customers functioning in highly regulated industries who have to keep up with continually changing security, privacy, and compliance requirements. We’ve found that the best way to secure large and diverse application estates is to integrate security-enhancing capabilities and processes throughout the entire application dev and delivery cycle. This means approaching security as an integral and continuous part of the cycle. In working with our many global customers, we recommend the following best practices for a continuous approach to security: Weave security in all your processes Adding security earlier in the app dev and delivery cycle is widely recognized as a best practice. However, sometimes it is not enough. Over the years, we have seen that attack vectors are targeting multiple phases of the software delivery cycle, and in some cases, shifting security left has come to mean shifting security decisions on to developers. This undue burden can become disruptive and slow down the app delivery process. With cyberattacks hitting various aspects of the software supply chain, it is imperative to make security an integrated aspect of the software delivery lifecycle. With this in mind, we designed Tanzu Platform to make security easy, while also reducing friction between dev and platform teams. We do this by allowing for separation of concerns and enabling golden paths curated by the platform engineering team. Tanzu Platform also supports patterns and technologies made popular by Spring Framework, leveraging the Buildpacks model, and the incredible Bitnami software catalog on which Tanzu Application Catalog is based. Turn on your automation superpower Infusing policy-based automation into your application platform is one of the best ways to enforce and scale security policies. Platform engineers need to partner with security and compliance teams to create policies based on changing industry guidelines, vulnerability threat level, audit requirements–just to name a few. Doing this reduces friction in the app dev and delivery process, increases security and compliance leaders’ peace of mind, and empowers platform engineers to deliver a secure and frictionless path to production that ultimately yields value-generating innovation.    Adopt a “continuous upgrade” culture Security is not a one-time thing. Infrastructure needs to be secure by design and continuously updated. Introduced several years ago, the 3Rs – Rotate, Repave, and Repair continue to be our north star when it comes to ensuring Tanzu Platform is among the most secure cloud native application platforms. More specifically, the 3Rs mandate that you:  Rotate system credentials every few minutes or hours. Repave every server and application in the datacenter every few hours to a known, good state. Repair vulnerable operating systems and application stacks consistently within hours of patch availability. Ensuring all software is up to date with the most recent patches, security fixes, and regulatory compliance means continuously checking the health of your system and running the most secure versions. This can be overwhelming without the right mindset and processes. So, in addition to keeping up with patches, upgrades, and bug fixes, we recommend that our customers embrace a continuous upgrade and compliance mindset. Read about what we mean by continuous upgrade culture here. Every day, companies are competing for customers and seeking ways to capitalize on market trends and capture new revenue opportunities. At Tanzu, we advocate that technology leaders should treat security as an accelerator rather than an outcome or a one-time “check the box” requirement. For more about Tanzu’s approach to application security, visit the Tanzu and Security page. About Purnima Padmanabhan Broadcom Purnima Padmanabhan is Vice President and General Manager of Broadcom’s Tanzu Division. Prior to joining Broadcom, she was Senior Vice President and General Manager of VMware’s Modern Applications & Management Business and was responsible for application modernization, cloud native application development and multi-cloud management. She previously led the company’s Cloud Management Business. Ms. Padmanabhan has extensive experience building and launching innovative products in cloud infrastructure, security and enterprise mobility. Prior to joining VMware, she was CEO of Cavirin, a cloud security company, where she drove a turnaround. She was previously COO of MokaFive, a desktop virtualization company, and was responsible for global product operations. Ms. Padmanabhan holds an MBA from Stanford University and an M.S. in Computer Engineering from University of Southern California. source

The promised land of AI transformation poses a dilemma for security teams as the new technology brings both opportunities and yet more threat. Threat actors are already using AI to write malware, to find vulnerabilities, and to breach defences faster than ever. At the same time, machine learning is playing an ever-more important role in helping enterprises combat hackers and similar. According to Palo Alto Networks, its systems are detecting 11.3bn alerts every day, including 2.3m new and unique attacks.[1] It is beyond human capabilities to monitor and respond to these attacks; it is also putting immense stress on security teams. How, then, can CISOs and CSOs build resilient security teams that can defend their organisations, and continue to innovate? Arms race Cybersecurity teams are in an “arms race” with attackers, as threat groups use AI to increase both the volume and speed of attacks. “AI has created a powerful toolkit for threat actors, and it has changed the way that we’re seeing attacks,” warns Nick Calver, VP for Financial Services at Palo Alto Networks. “Two or three years ago a ransomware attack would typically take 44 days before they could extract data or cause your systems a problem. Now we’re seeing that exact same attack happening in a number of hours,” he says. This acceleration is happening even as businesses struggle with visibility of how AI is being used in their own organisations, and as regulators struggle to keep up with a fast-changing landscape. “Everybody needs to be aware of AI,” says Calver. “Threat-based assessment is incredibly powerful, and I’ve seen it put to good use. It’s immediately helped improve organisations’ protection,” says Calver. Threat assessment is just one area where AI can also play a positive role in security. AI has been in use in cyber defence for over 10 years. “When you consider those attack volumes, it is not possible for humans to actually keep up and respond effectively,” says Calver. “Security technicians need to harness the power of AI.” Resilience, and human factors However, there is also a different side to an increasingly hostile security environment. Increasing threats are challenging organisations’ abilities to recover from attacks. This is changing how security leaders think. Focus remains on preventing a breach, but increasing attention is being given to how to respond and recover from attacks. Regulations are helping ensure consistency in this area with DORA being just one example. “Historically, we’d try to build a moat around the technology, and just stop anybody crossing in. But people do come in,” says Calver. “How do we actually segment and protect systems and provide a level of resilience?” Architectures such as zero trust will also play a role in building resilience, he says. But it is people who will ultimately secure an organisation. Even with automation and AI tools, businesses will only survive cyber attacks if their security teams can function under pressure. This means bringing together technical tools, training, testing and above all support for those in the front line. “Without people, we are nothing,” warns Calver. “Ultimately, the team, the people, that’s what actually makes an organisation successful, and that’s what protects the organisation too.” Watch the full interview below. CIO’s interview with Nick Calver of Palo Alto Networks For more information, please visit Palo Alto Networks’ Precision AI page. [1] Foundry Interview with PAN’s Nick Calver source

But analysts have questioned whether the Microsoft move truly addresses those European business concerns. Phil Brunkard, executive counselor at Info-Tech Research Group UK, said, commenting on last month’s announcement of the EU Data Boundary for the Microsoft Cloud,  “Microsoft says that customer data will remain stored and processed in the EU and EFTA, but doesn’t guarantee true data sovereignty.” And European companies are now rethinking what data sovereignty means to them. They are moving beyond having it refer to where the data sits to focusing on which vendors control it, and who controls them. Responding to the new Euro cloud plan, another analyst, IDC VP Dave McCarthy, saw the effort as “signaling a growing European push for data control and independence.” “US providers could face tougher competition from EU companies that leverage this tech to offer sovereignty-friendly alternatives. Although €1 million isn’t a game-changer on its own, it’s a clear sign Europe wants to build its own cloud ecosystem—potentially at the expense of US market share,” McCarthy said. “For US providers, this could mean investing in more EU-based data centers or reconfiguring systems to ensure European customers’ data stays within the region. This isn’t just a compliance checkbox. It’s a shift that could hike operational costs and complexity, especially for companies used to running centralized setups.” Adding to the potential bad news for US hyperscalers, McCarthy said that there was little reason to believe that this trend would be limited to Europe. “If Europe pulls this off, other regions might take note and push for similar sovereignty rules. US providers could find themselves adapting to a patchwork of regulations worldwide, forcing a rethink of their global strategies,” McCarthy said. “This isn’t just a European headache, it’s a preview of what could become a broader challenge.” source

Through its RISE with SAP offering, SAP gives customers a rapid transition to the cloud. This offering combines SAP S/4HANA Cloud with complementary SAP services to support companies in their digital transformation. This transformation takes place in three steps: redesigning processes, technical migration, and building the intelligent enterprise. S/4HANA On-Premise With SAP S/4HANA On-Premise, the customer manages the S/4HANA system, the HANA database, applications, data center, operating systems, middleware, and network on-premises. The customer is also responsible for maintenance and development. This allows for maximum flexibility. In this variant, the customer is responsible for adapting the software to company-specific requirements, controlling the frequency and scheduling of upgrades, and installing support packages. S/4HANA Hybrid In principle, a combination of S/4HANA Cloud and S/4HANA On-Premise is also possible. This is referred to as a hybrid approach. Companies can run selected processes, such as core processes, locally on their own servers with SAP S/4HANA On-Premise. Other processes that do not require individual adaptation can be outsourced to the cloud. source

In Italy alone, over 60% of large companies hinge their strategies for success on digitalization, indicating a lack of awareness and perspective of what digital transformation actually means. Investment isn’t the issue, but there’s a culture of thinking that technological change alone, rather than organizational change, creates digital transformation, which is a big first mistake to make on a path to evolution and modernization. “Whatever your needs are, the technology is there; that’s not the problem,” says Tommaso Pagnini, CIO of global aluminium processor Profilglass. “You might evaluate which type of cloud to choose or whether an AI application is useful, but the real issue is management and process, and how to effectively address challenges by putting the focus on people.” For Marco Foracchia, CIO of AUSL, thelocal health authority that administers services in Italy’s Reggio Emilia province, the biggest mistake is not thinking strategically. “Taking many unrelated steps without an overall vision gets you nowhere,” he says. “You risk buying ICT systems randomly and accumulating technologies, and losing the possibility of grafting wider logic into strategies for cybersecurity, privacy, cloud, and AI. These aren’t individual purchases, but transversal elements of a broad strategy.” source