CIO CIO

It is no coincidence that the Finnish AI hope Silo AI was bought by the American company AMD. There are few natural exit routes for startups and their investors in Europe other than being sold to the US or listed (preferably in the US). Do you even remember Peltarion, which was the first Swedish “AI company” to get hyped? They were bought by King, the company that makes Candy Crush. That’s a bit of the level we have to work with here. I have met my fair share of enthusiastic entrepreneurs over the years and although many are truly passionate about their product and their companies, I would say that the common thread is that they want to build, grow, and make money. Preferably a lot of money. There is nothing strange about that, but if that development journey is not really offered in the local market, it’s clear that you secure yourself somewhere else, and the US has been the first choice.  For example, look at two Swedes who are reaping success in the US right now, Ali Ghodsi whose Databricks is now valued at over US$62 billion, and Arvid Lunnemark whose Cursor has now reportedly reached a valuation of US$10 billion in a short time. What would have made these gentlemen stay and build their successful companies in Europe instead? Would it have been impossible? source

Market shifts, evolving customer behaviors, and regulatory changes can turn a once-powerful AI tool into a liability, Pallath says. Left unchecked, AI might produce outdated or even harmful results, eroding trust, revenue, and competitive edge, he says. “Build dedicated teams to monitor AI performance, automate updates, and refine models continuously,” Pallath says. “Treat AI as a living system — one that thrives on iteration, learning, and proactive governance to deliver sustained value. Success isn’t just about deployment — it’s about long-term commitment to excellence.” Ignoring responsible AI frameworks One of the most dangerous oversights in AI implementation is neglecting to establish robust ethical frameworks, Pallath says. “Without clear guidelines for responsible AI use, organizations risk deploying biased algorithms, mishandling sensitive data, or pursuing problematic use cases that can trigger regulatory penalties and reputation damage,” he says. source

This year’s program features both established categories and new additions. Organisations can nominate candidates for the coveted New Zealand CIO of the Year and Emerging ICT Leader of the Year awards, alongside newly introduced categories including Innovation Leadership Through an Emerging Technology and Excellence in Customer Value. The lineup is rounded out with Business Transformation through Digital and IT, Community Tech Champions, and Best ICT Team Culture & Inclusion. The awards organisers said the judging panel is particularly interested in how technology solutions address real-world challenges, the role of team culture in driving initiatives, measurable impact regardless of project scale, strategic vision for the future, and evidence of cross-organisational support beyond IT departments. Nominations will remain open until Friday, May 13, 2025. Award recipients will be announced at the New Zealand CIO Awards Gala Dinner in Auckland on 19 August, which typically attracts hundreds of technology executives and industry leaders from across New Zealand. source

Artificial intelligence (AI) has become a driving force in business, reshaping how organizations everywhere operate. As AI’s influence grows, however, so does the need for strong governance. Companies must mitigate the ethical and social risks of AI, navigate complex and evolving regulations, and prevent operational and security failures. Without robust governance, they risk deploying AI that could erode public trust, cause reputational damage or financial penalties, and result in security vulnerabilities and cyberattacks. Today, business leaders play a pivotal role in driving the conversation around AI governance. In highly regulated industries such as financial services and healthcare, the stakes are even higher. To remain agile, organizations must balance innovation with compliance — and manage risks — while adapting to constantly changing AI regulations and standards. To address these challenges, companies need to take a structured governance approach that supports the development, deployment, and monitoring of AI models, and conforms with regulations, internal policies, and standard practices. The SageMaker and watsonx.governance partnership Amazon Web Services (AWS) and IBM have partnered to provide an AI governance integrated service that helps organizations scale and streamline AI, build responsible AI products, and meet business, regulatory, and compliance obligations. The integration of IBM’s watsonx.governance platform — which helps organizations manage, monitor, and govern AI models — with Amazon SageMaker, a machine learning (ML) service to build, train, and deploy ML models, enables users to automate risk management and regulatory compliance for their AI/ML models and use cases. This integrated offering provides several benefits. Organizations can catalog, govern, and monitor AI models throughout the AI life cycle, including mapping policies, metrics, and models using a centralized console to organize, document, and maintain an enterprise-wide view of their AI inventory. Users can also proactively identify and manage risk by automating workflows to ensure accountability and ownership of controls associated with the risks. In addition, this offering manages AI for safety and transparency alongside its regulatory library. This helps to translate external AI regulations into enforceable policies for automated enforcement. The IBM-AWS partnership delivers the power of a two-in-one unified offering, seamlessly integrating AI governance capabilities within your existing AI/ML operations and processes. Organizations will realize more streamlined workflows through the direct integration of the watsonx.governance console with SageMaker, for instance, enabling a customizable risk assessment and model approval workflow. Users can share vital information about models from Amazon SageMaker directly to create a unified workflow for governing AI operations. The partnership also addresses AI governance challenges while maintaining agility, and optimizes AI development and deployment costs, ensuring a faster time to production. If businesses want to adopt AI at scale, they must build an AI governance strategy that integrates into their existing systems and a partnership that addresses the same. IBM and AWS are ready to help. To learn more, visit the IBM watsonx.governance SaaS offering page on the AWS marketplace. source

Data sovereignty has emerged as a critical concern for businesses and governments, particularly in Europe and Asia. With increasing data privacy and security regulations, geopolitical factors, and customer demands for transparency, customers are seeking to maintain control over their data and ensure compliance with national or regional laws. However, defining and achieving data sovereignty goes beyond simply storing data within borders—it requires a comprehensive approach to security, privacy, and interoperability. Broadcom’s strategy with VMware Cloud Service Providers who are Sovereign attested offers a unique and resilient route for customers across the globe achieving compliance with robust and bespoke sovereign cloud requirements. By leveraging the services of such VMware Cloud Service Providers, customers can achieve peace of mind that all their data is secure, private, and portable across systems and jurisdictions. Let’s explore the three essential keys to defining data sovereignty and how VMware Cloud Service Providers with sovereign attestation can help meet these demands. Security: The Foundation of Sovereignty At the heart of data sovereignty is security—ensuring that data remains protected from unauthorized access, breaches, and malicious actors. As organizations expand globally, securing data at rest and in transit becomes even more complex. Local and industry-specific regulatory requirements, such as the European Union’s General Data Protection Regulation (GDPR), France’s SecNumCloud, France’s Health Data Housing (HDS), the United Kingdom’s National Data Strategy & NIS Directive, Germany’s Federal Data Protection Act (BDSG), the United Arab Emirate’s National Cybersecurity Strategy, and Turkey’s Personal Data Protection Law (KVKK), require not only strict security controls but also accountability from service providers on where and how data is processed. VMware Sovereign Cloud Providers design their systems with security at their core. These providers operate within strict compliance boundaries, enabling organizations to host sensitive data in-country while leveraging robust encryption, zero-trust architectures, and continuous monitoring and auditing capabilities. The combination of VMware’s advanced security solutions within VMware Cloud Foundation and available Add-On solutions with local expertise and third party solutions managed by the provider, ensures that organizations can maintain a sovereign cloud infrastructure without compromising on innovation or scalability. Key Advantage: By working with Sovereign VMware Cloud Service Providers, organizations can ensure that their data remains fully within jurisdictional boundaries and is protected by some of the most advanced security protocols in the industry. Privacy: Ensuring Compliance and Trust Data privacy regulations are growing more stringent globally. Organizations must ensure they comply with laws that govern how personal data is collected, stored, and processed, such as the GDPR, the California Consumer Privacy Act (CCPA), or industry-specific regulations, like HIPAA for Personal Health Information (PHI). Achieving compliance means not only storing data locally but also demonstrating full control over data access and usage. Sovereign VMware Cloud Service Providers servicing vertical-specific industries, such as health insurance and healthcare organizations that have to comply with  HIPPA regulations  must provide administrative, physical and technical safeguards, underpinned with a legally binding business associate agreement (BAA) outlining the VMware Cloud Service Provider responsibilities. They also utilise frameworks like HITRUST for HIPAA, GDPR and NIST streamline compliance with a structured approach to managing security and privacy. All told, providing this level of coverage is a big task, and keeping up with regular SOC2 and HIPAA audits, pen tests and compliance validation is a workload that the provider takes on for their customers, allowing customers to focus on their businesses, not their infrastructure or data. Sovereign VMware Cloud Service Providers offer dedicated VMware Cloud Foundation-based features and capabilities and other typical cloud capabilities to help healthcare organizations manage HIPAA-compliant workloads, including: Encryption: Encrypting PHI data both at rest and in transit to ensure data security and privacy. Identity and Access Management (IAM): Enforcing role-based access, multi-factor authentication (MFA), and user activity monitoring. Backup and Disaster Recovery: Providing automatic backups, replication, and disaster recovery solutions to maintain ePHI availability. Logging and Monitoring: Ensuring detailed audit logs and monitoring of access to ePHI for real-time threat detection. Secure Communication Channels: Providing HIPAA-compliant virtual private networks (VPNs) and secure APIs to connect healthcare systems securely. Sovereign VMware Cloud Service Providers offer comprehensive frameworks, often underpinned by NIST or other frameworks, such as ISO/IEC 27001 and 27701 certifications, to address privacy concerns. These providers ensure that data handling complies with appropriate privacy laws, and they give businesses the ability to demonstrate compliance through robust audit trails and data access controls. Additionally, they enable organizations to define and enforce granular privacy policies that can govern how data is processed, stored, and accessed, ensuring full transparency for both the organization and its customers. Key Advantage: Privacy is built into the sovereign cloud model. By partnering with Sovereign VMware Cloud Service Providers, organizations gain the ability to manage and protect customer data in a way that meets or exceeds privacy laws at the local, national, or regional levels, reinforcing customer trust and mitigating legal risk. Portability: Avoiding Vendor Lock-In and Enabling Growth True data sovereignty isn’t just about keeping data within borders or complying with laws and regulations—it’s also about ensuring that data is portable, and systems are interoperable.  Cloud choice and data portability are big factors in cloud, and organizations must be able to back out of agreements to migrate to better placed clouds as they wish. Organizations that fail to plan for data portability may find themselves locked into specific vendors or technologies, unable to fully leverage their data as they scale or expand into new markets. Interoperability across hybrid cloud environments and 3rd party systems is crucial for maintaining flexibility and avoiding operational silos. Sovereign VMware Cloud Service Providers leverage open standards to support seamless integration across various platforms, ecosystems, and jurisdictions. This high level of interoperability allows organizations to scale globally while remaining compliant with local regulations and facilitating easy data movement between environments. VMware Cloud Foundation supports key open standards, such as Open Virtualization Format (OVF) for secure and efficient virtual machine distribution, OpenStack APIs for access to familiar tools while benefiting from VMware’s enterprise-grade features, and Kubernetes for managing containerized workloads. This enables organizations to run

source

Enterprises making progress Other IT leaders were less convinced of WalkMe’s numbers. Hundreds of unauthorized apps would not have been surprising a decade ago, but since then, CIOs have become more strategically engaged with business leaders in their organizations, says Bill Hineline, field CTO at Chronosphere, provider of a cloud observability platform. But the use of unauthorized apps remains a problem for many organizations, he adds. “Ghost IT, frustration with IT systems, and unauthorized apps are generally tightly interconnected in my experience,” he says. “You start with user frustration that stems from either support problems, reliability issues, or functionality gaps unaddressed by the technology organization.” When these issues exist, business teams often source their own IT solutions, Hineline says. “It rarely ends well for either the business team, the ghost IT team, or the central technology organization,” he adds. source

The Challenge: Many IT procurement processes focus on short-term cost-cutting rather than long-term business value. AI in Action: AI transforms procurement into a strategic function by optimizing spend, improving supplier collaboration, and aligning purchasing decisions with your business goals. Breaking Barriers with AI Traditional procurement models, designed for an era of predictable IT investments, can’t keep pace with the breakneck speed of today’s software development. If you want to stay competitive, you need smarter, faster ways to evaluate, select, and deploy new technology. source