CIO CIO

Security that accelerates rather than constrains innovation  Automated controls that ensure compliance without manual intervention  Transparent security metrics guiding risk-based decisions  Engaged teams sharing security responsibility  Architecture designed for protection without compromising agility  Strong security foundations that enable continuous compliance  In the process, security teams step out from the enforcement role — like the Queen of Hearts — and into a role more akin to the helpful but unobtrusive Cheshire Cat. By fostering collaboration, contextual guidance, and continuous improvement, you’ll build not just secure technology solutions, but a resilient digital ecosystem that can adapt to tomorrow’s threats.  Key takeaways for technology leaders  Start with business risk appetite, not just technical controls  Align security metrics with business outcomes for meaningful insights  Provide security platforms and patterns that make secure development easy  Measure what matters — tie security metrics to business impact  Invest in security capabilities and culture across the organization  Design for secure evolution using automated compliance and verification  Continuously share insights and scale successful security patterns  Remember, just as great cities aren’t built in a day, this transformation is a journey rather than a destination. The key is to start now, move purposefully, and keep the focus on enabling business outcomes while ensuring appropriate protection. In doing so, you’ll build not just a secure technology landscape, but a thriving ecosystem that powers your organization’s future success — safely and confidently.  Call to action: Starting your transformation  Assess your current security integration maturity  Identify your most pressing security improvement opportunities  Build a coalition of business, technology, and security leaders  Choose a high-impact pilot area for initial focus  Establish clear metrics for measuring security improvement  Share successes and learnings broadly  Scale proven patterns across the organization  Maintain focus on continuous security improvement  Organizations that successfully navigate this transformation will build competitive advantages through faster, more secure software delivery, more efficient use of security investments, improved ability to meet regulatory requirements, enhanced capacity for secure innovation, and greater business-security alignment.  The time to start is now. Your organization’s future security posture depends on the foundations you build today.  Shawn McCarthy is vice president and chief architect, Global Architecture, Risk & Governance, at Manulife.  This article was made possible by our partnership with the IASA Chief Architect Forum. The CAF’s purpose is to test, challenge and support the art and science of Business Technology Architecture and its evolution over time as well as grow the influence and leadership of chief architects both inside and outside the profession. The CAF is a leadership community of the IASA, the leading non-profit professional association for business technology architects.  source

Nvidia’s Briski said the company’s “hard pivot” to reasoning has boosted the accuracy of its Llama Nemotron models up to 20% compared with the base model. Inference speed has also been optimized by 5x compared with other leading open reasoning models, she claimed. These improvements in inference performance make the family of models capable of handling more complex reasoning tasks, Briski said, which in turn reduce operational costs for enterprises. The Llama Nemotron family of models are available as Nvidia NIM microservices in Nano, Super, and Ultra sizes, which enable organizations to deploy the models at scales suited to their needs. Nano microservices are optimized for deployment on PCs and edge devices. Super microservices are for high throughput on a single GPU. Ultra microservices are for multi-GPU servers and data-center-scale applications. Partners extend reasoning to Llama ecosystem Nvidia’s partners are also getting in on the action. Microsoft is expanding its Azure AI Foundry model catalog with Llama Nemotron reasoning models and NIM microservices to enhance services such as the Azure AI Agent Service for Microsoft 365. SAP is leveraging them for SAP Business AI solutions and its Joule copilot. It’s also using NeMo microservices to increase code completion accuracy for SAP ABAP programming language models. ServiceNow said Llama Nemotron models will provide its AI agents with greater performance and accuracy. source

Ambitious businesses are already eyeing the next leap forward in AI technology fuelled by the growing imperative to deliver business success driven by digital innovation. AI investment is growing at 29% Compound Annual Growth Rate and will hit $632bn by 2028, with almost a third of this being invested in GenAI projects.[1] The next horizon for savvy enterprises seeking to automate at hitherto unseen levels of scale in 2025 is agentic AI. This will, for example, mean chatbots that don’t just answer a customer’s question, but add value by interacting with other systems and data sources to make informed recommendations. Business forging ahead are likely to be cleverly utilising external expertise. Dell says its AI Factory with NVIDIA reduces the time for AI adoption by up to 86% compared to relying on solely internal expertise.[2] Moreover, Dell itself has been able to drive clear enterprise value through its own AI transformation, learning vital lessons that it can share. This need for help is underlined by the fact that CIOs are undoubtedly facing some challenges as they seek to advance their AI transformation. Where are you starting from? These challenges include confused data strategies, difficulty building secure data pipelines, and hardware approaches that don’t integrate or scale, as a recent CIO webcast with experts from Dell and NVIDIA highlighted. But equally critical is the lack of a focused strategy or business case. All of this will combine to undermine your AI strategy and leave you stuck in unsuccessful experimentation mode. This may be the reality for many , but it is not inevitable. How to plot a path forward Successful AI implementation, particularly when it comes to agentic AI, is a journey. “It’s about picking those areas that are more valuable to you as a business,” explained Peter Hubbard, NVIDIA alliance director for EMEA. But once the priorities have been settled, you must think carefully about how to build a secure, efficient pipeline, that ensures data is clean, up to date, and in the right place. As Dell Technologies Regional Director for AI Portfolio Marketing Ihab El Ghazzawi said, “the aim is to bring AI to your data, not bring data to your AI.” It’s perfectly possible to start your AI journey with a single GPU workstation. But keeping a full stack strategy in mind, Hubbard explained, ensures that your underlying architecture can scale as your projects grow. “It’s about every component working together. If you don’t invest in your infrastructure, then the whole environment will suffer.” How Dell and NVIDIA Help That is the kind of approach Dell took itself. Its AI committee assessed hundreds of potential use cases to identify those that could deliver real ROI improvement in key business areas. “We decided that we were going to aim for a 40% increase in productivity and efficiency in those,” Dell’s El Ghazzawi revealed. And that was achieved. Enterprises can benefit from this experience with the Dell AI Factory with NVIDIA, which focuses on key use cases, such as content creation, digital twins, and digital assistants. This easy to adopt AI solution offers hardware, software, models, blueprints, networking and services – everything to get organisations up and running quickly – on a platform that scales up smoothly to deliver real benefits as projects move into production. Every organisation is different, but by utilising the Dell Services team for an AI Strategy workshop, organisations can tap into proven expertise to help build out their own custom AI strategy. Conclusion Success in AI doesn’t mean starting big from the outset. But it does require a clear strategy to get from where you are to going big with experienced partners that can help you on your way. Progress your AI journey by watching the full CIO webcast. ________________________________________________________________________________________________________________________________________________________________________ [1] IDC, IDC Media Centre, Artificial Intelligence Infrastructure Spending to Surpass the $200Bn USD Mark in the Next 5 years, According to IDC, https://www.idc.com/getdoc.jsp?containerId=prUS52758624 [2] Bloomberg (sponsored), How AI factories accelerate AI adoption and implementation — and RoI , November 2024 https://sponsored.bloomberg.com/quicksight/dell-nvidia/how-ai-factories-accelerate-ai-adoption-and-implementation-and-roi source

The cybersecurity threats that loom large today look different than those even just a few years ago. Likewise, the way cybersecurity threats manifest in the years to come is all but certain to evolve. For businesses of every size and industry, especially those that depend on mainframe systems to operate, staying ahead of security threats is essential. In 2024 alone, the average cost of a data breach rose by 10% 1, signaling just how expensive an attack could become. The risk of cybersecurity lapses, data breaches, and the resulting penalties for regulatory non-compliance have made it more important than ever for organizations to ensure they have a robust security framework in place. Achieving this means gaining a deeper understanding of the policies that shape this landscape and adopting the right security solutions to help protect critical IT infrastructure. Understanding the Impact of DORA and PCI DSS 4.0 Myriad policies and security regulations play a role in shaping an organization’s cybersecurity approach—from HIPAA to GDPR. For our purposes, we’ll focus on two of the most recent, and crucial, pieces of regulatory policy, the Digital Operational Resilience Act (DORA) and PCI DSS 4.0. DORA, which went fully into effect as of January 17, 2025, is intended to ensure businesses operating in the financial services sector in Europe have robust, proactive risk management frameworks in place to ensure operational resilience and protect against a host of threats. This policy brings a set of requirements for organizations that are focused on: vulnerability management, data recovery and resilience, and support for open source.  PCI DSS 4.0 is another set of security standards, put forward by the Payment Card Industry (PCI) Security Standards Council, that focuses on establishing a baseline of technical and operational requirements designed to safeguard sensitive account and cardholder data. And with the deadline for full implementation of its heightened compliance obligations taking effect on March 31, 2025, businesses need to ensure they are ready. The requirements and changes outlined in both policies make it critical for organizations to develop a scalable risk management strategy, incorporating extensive disaster recovery plans, continuous testing, and authentication tools that can help mitigate the danger of unauthorized access to critical systems and sensitive information.  Adapting to a changing regulatory reality With the emphasis on resiliency and robust risk management planning, what steps can businesses take to avoid non-compliance? Managing these security challenges starts by identifying, and working closely with, a trusted partner that can offer solutions and services built to ensure resiliency, scalability, and robust security across IT systems. For instance, looking at capabilities like those included in Rocket Software’s mainframe security services can deliver everything from compliance assessments to penetration testing and conversion services. These tools and services ensure organizations comply with both their internal policies and broader regulations, establishing greater visibility and maintaining organizational alignment on security practices and standards. Another common thread between these regulations comes down to access. With the rise in remote access to IT operations, regulators have put more emphasis on curtailing the potential for unwanted entities to sneak in and expose data or damage existing systems. And as that emphasis grows, solutions that enable secure host access are more important than ever. The requirements that come with many of the latest regulations and IT security policies demand a comprehensive approach to risk management to not only avoid a data breach or cyber-attack but the fallout of a non-compliance penalty. Organizations that prioritize an approach inclusive of things like vulnerability management tools, robust data recovery solutions, and open-source support will be positioned to stay compliant now and in the future as regulations continue to mature and change. Learn more about how your organization can build a robust security framework and stay ahead of evolving threats. 1 “Cost of a Data Breach Report 2024,” IBM. source

IT departments are swimming in metrics meant to measure their effectiveness, but this compact collection of essential KPIs provides a true foundation for measuring IT success. source

Account qualification agent evaluates and advances new opportunities to build sales pipelines, and engages key members of a buying group. Audience agent analyzes cross-channel engagement data, which it uses to create and optimize audience segments. Content production agent generates content based on a brief, following pre-defined brand guidelines. Data insights agent analyzes signals across an organization to help visualize, forecast, and remediate customer experiences. Data engineering agent performs high-volume data management tasks, including data integration, cleansing, and security. Experimentation agent helps teams responsible for personalization simulate new ideas and perform impact analysis. Journey agent supports customer journey ideation, analysis, and optimization. Product advisor agent tailors product discovery to individual preferences based on past purchases. Site optimization agent boosts customer engagement through always-on support for brand websites that can automatically detect, recommend, and fix issues. Workflow optimization agent monitors the health of ongoing projects, streamlines approvals, and accelerates workflows. In addition to these agents, Adobe introduced Adobe Brand Concierge, an agent intended to take transactional chatbots and web-based agents to the next level. Businesses can use it to configure and manage AI agents that create a personalized experience for every customer, using immersive conversational experiences to guide them from exploration to purchase. The multimodal agent supports text, voice, and image interactions. Adobe noted Brand Concierge supports use cases for both business-to-consumer (B2C) and business-to-business (B2B) teams. For B2B teams, the company said the agent can deliver tailored content based on an existing account relationship, and handle tasks like booking follow-up meetings. As part of its agentic AI push, Adobe pointed to its AI agent partner ecosystem, which is intended to ensure interoperability between AI agents across different ecosystems. Its new and continued strategic partnerships include Acxiom, AWS, Genesys, IBM, Microsoft, RainFocus, SAP, and Workday. It’s also expanded its agency and system integrator partnerships to include Accenture, Deloitte Digital, EY, and IBM. source

The only defense to all of this is to strengthen the proverbial weakest link – and make people “aware” of the myriad ways they can be targeted, influenced, and manipulated online. Humans have finally had enough – it’s time to prove to ourselves that we’re not always “vulnerable” to hacking, fraud, or theft via the devices and tech that are increasingly inseparable parts of our lives. What do human firewalls bring to the company table? As we saw above, reducing the propensity for human errors can bring down the possibility of intrusions and data breaches by as much as 85%. Case in point, in 2020, Russian cybercriminals tried to bribe a Tesla employee with $1 million to install ransomware in the company’s systems. The employee recognized the threat, promptly reported it, and helped the FBI nab the criminals involved, potentially saving Tesla up to $4 million. source