This was the year of AI agents. Chatbots that simply answered questions are now evolving into autonomous agents that can carry out tasks on a user’s behalf, so enterprises continue to invest in agentic platforms as transformation evolves. Software vendors are investing in it as fast as they can, too.

According to a National Research Group survey of more than 3,000 senior leaders, more than half of executives say their organization is already using AI agents. Of the companies that spend no less than half their AI budget on AI agents, 88% say they’re already seeing ROI on at least one use case, with top areas being customer service and experience, marketing, cybersecurity, and software development.

On the software provider side, Gartner predicts 40% of enterprise software applications in 2026 will include agentic AI, up from less than 5% today. And agentic AI could drive approximately 30% of enterprise application software revenue by 2035, surpassing $450 billion, up from 2% in 2025. In fact, business users might not have to interact directly with the business applications at all since AI agent ecosystems will carry out user instructions across multiple applications and business functions. At that point, a third of user experiences will shift from native applications to agentic front ends, Gartner predicts.

It’s already starting. Most enterprise applications will have embedded assistants, a precursor to agentic AI, by the end of this year, adds Gartner.

IDC has similar predictions. By 2028, 45% of IT product and service interactions will use agents as the primary interface, the firm says. That’ll change not just how companies work, but how CIOs work as well.

Agents as employees

At financial services provider OneDigital, chief product officer Vinay Gidwaney is already working with AI agents, almost as if they were people.

“We decided to call them AI coworkers, and we set up an AI staffing team co-owned between my technology team and our chief people officer and her HR team,” he says. “That team is responsible for hiring AI coworkers and bringing them into the organization.” You heard that right: “hiring.”

The first step is to sit down with the business leader and write a job description, which is fed to the AI agent, and then it becomes known as an intern.

“We have a lot of interns we’re testing at the company,” says Gidwaney. “If they pass, they get promoted to apprentices and we give them our best practices, guardrails, a personality, and human supervisors responsible for training them, auditing what they do, and writing improvement plans.”

The next promotion is to a full-time coworker, and it becomes available to be used by anyone at the company.

“Anyone at our company can go on the corporate intranet, read the skill sets, and get ice breakers if they don’t know how to start,” he says. “You can pick a coworker off the shelf and start chatting with them.”

For example, there’s Ben, a benefits expert who’s trained on everything having to do with employee benefits.

“We have our employee benefits consultants sitting with clients every day,” Gidwaney says. “Ben will take all the information and help the consultants strategize how to lower costs, and how to negotiate with carriers. He’s the consultants’ thought partner.”

There are similar AI coworkers working on retirement planning, and on property and casualty as well. These were built in-house because they’re core to the company’s business. But there are also external AI agents who can provide additional functionality in specialized yet less core areas, like legal or marketing content creation. In software development, OneDigital uses third-party AI agents as coding assistants.

When choosing whether to sign up for these agents, Gidwaney says he doesn’t think of it the way he thinks about licensing software, but more to hiring a human consultant or contractor. For example, will the agent be a good cultural fit?

But in some cases, it’s worse than hiring humans since a bad human hire who turns out to be toxic will only interact with a small number of other employees. But an AI agent might interact with thousands of them.

“You have to apply the same level of scrutiny as how you hire real humans,” he says.

A vendor who looks like a technology company might also, in effect, be a staffing firm. “They look and feel like humans, and you have to treat them like that,” he adds.

Another way that AI agents are similar to human consultants is when they leave the company, they take their expertise with them, including what they gained along the way. Data can be downloaded, Gidwaney says, but not necessarily the fine-tuning or other improvements the agent received. Realistically, there might not be any practical way to extract that from a third-party agent, and that could lead to AI vendor lock-in.

Edward Tull, VP of technology and operations at JBGoodwin Realtors, says he, too, sees AI agents as something akin to people. “I see it more as a teammate,” he says. “As we implement more across departments, I can see these teammates talking to each other. It becomes almost like a person.”

Today, JBGoodwin uses two main platforms for its AI agents. Zapier lets the company build its own and HubSpot has its own AaaS, and they’re already pre-built. “There are lead enrichment agents and workflow agents,” says Tull.

And the company is open to using more. “In accounting, if someone builds an agent to work with this particular type of accounting software, we might hire that agent,” he says. “Or a marketing coordinator that we could hire that’s built and ready to go and connected to systems we already use.”

With agents, his job is becoming less about technology and more about management, he adds. “It’s less day-to-day building and more governance, and trying to position the company to be competitive in the world of AI,” he says.

He’s not the only one thinking of AI agents as more akin to human workers than to software.

“With agents, because the technology is evolving so far, it’s almost like you’re hiring employees,” says Sheldon Monteiro, chief product officer at Publicis Sapient. “You have to determine whom to hire, how to train them, make sure all the business units are getting value out of them, and figure when to fire them. It’s a continuous process, and this is very different from the past, where I make a commitment to a platform and stick with it because the solution works for the business.”

This changes how the technology solutions are managed, he adds. What companies will need now is a CHRO, but for agentic employees.

Managing outcomes, not persons

Vituity is one of the largest national, privately-held medical groups, with 600 hospitals, 13,800 employees, and nearly 14 million patients. The company is building its own AI agents, but is also using off-the-shelf ones, as AaaS. And AI agents aren’t people, says CIO Amith Nair. “The agent has no feelings,” he says. “AGI isn’t here yet.”

Instead, it all comes down to outcomes, he says. “If you define an outcome for a task, that’s the outcome you’re holding that agent to.” And that part isn’t different to holding employees accountable to an outcome. “But you don’t need to manage the agent,” he adds. “They’re not people.”

Instead, the agent is orchestrated and you can plug and play them. “It needs to understand our business model and our business context, so you ground the agent to get the job done,” he says.

For mission-critical functions, especially ones related to sensitive healthcare data, Vituity is building its own agents inside a HIPAA-certified LLM environment using the Workato agent development platform and the Microsoft agentic platform.

For other functions, especially ones having to do with public data, Vituity uses off-the-shelf agents, such as ones from Salesforce and Snowflake. The company is also using Claude with GitHub Copilot for coding. Nair can already see that agentic systems will change the way enterprise software works.

“Most of the enterprise applications should get up to speed with MCP, the integration layer for standardization,” he says. “If they don’t get to it, it’s going to become a challenge for them to keep selling their product.”

A company needs to be able to access its own data via an MCP connector, he says. “AI needs data, and if they don’t give you an MCP, you just start moving it all to a data warehouse,” he adds.

Sharp learning curve

In addition to providing a way to store and organize your data, enterprise software vendors also offer logic and functionality, and AI will soon be able to handle that as well.

“All you need is a good workflow engine where you can develop new business processes on the fly, so it can orchestrate with other agents,” Nair says. “I don’t think we’re too far away, but we’re not there yet. Until then, SaaS vendors are still relevant. The question is, can they charge that much money anymore.”

The costs of SaaS will eventually have to come down to the cost of inference, storage, and other infrastructure, but they can’t survive the way they’re charging now he says. So SaaS vendors are building agents to augment or replace their current interfaces. But that approach itself has its limits. Say, for example, instead of using Salesforce’s agent, a company can use its own agents to interact with the Salesforce environment.

“It’s already happening,” Nair adds. “My SOC agent is pulling in all the log files from Salesforce. They’re not providing me anything other than the security layer they need to protect the data that exists there.”

AI agents are set to change the dynamic between enterprises and software vendors in other ways, too. One major difference between software and agents is software is well-defined, operates in a particular way, and changes slowly, says Jinsook Han, chief of strategy, corporate development, and global agentic AI at Genpact.

“But we expect when the agent comes in, it’s going to get smarter every day,” she says. “The world will change dramatically because agents are continuously changing. And the expectations from the enterprises are also being reshaped.”

Another difference is agents can more easily work with data and systems where they are. Take for example a sales agent meeting with customers, says Anand Rao, AI professor at Carnegie Mellon University. Each salesperson has a calendar where all their meetings are scheduled, and they have emails, messages, and meeting recordings. An agent can simply access those emails when needed.

“Why put them all into Salesforce?” Rao asks. “If the idea is to do and monitor the sale, it doesn’t have to go into Salesforce, and the agents can go grab it.”

When Rao was a consultant having a conversation with a client, he’d log it into Salesforce with a note, for instance, saying the client needs a white paper from the partner in charge of quantum.

With an agent taking notes during the meeting, it can immediately identify the action items and follow up to get the white paper.

“Right now we’re blindly automating the existing workflow,” Rao says. “But why do we need to do that? There’ll be a fundamental shift of how we see value chains and systems. We’ll get rid of all the intermediate steps. That’s the biggest worry for the SAPs, Salesforces, and Workdays of the world.”

Another aspect of the agentic economy is instead of a human employee talking to a vendor’s AI agent, a company agent can handle the conversation on the employee’s behalf. And if a company wants to switch vendors, the experience will be seamless for employees, since they never had to deal directly with the vendor anyway.

“I think that’s something that’ll happen,” says Ricardo Baeza-Yates, co-chair of the  US technology policy committee at the Association for Computing Machinery. “And it makes the market more competitive, and makes integrating things much easier.”

In the short term, however, it might make more sense for companies to use the vendors’ agents instead of creating their own.

“I recommend people don’t overbuild because everything is moving,” says Bret Greenstein, CAIO at West Monroe Partners, a management consulting firm. “If you build a highly complicated system, you’re going to be building yourself some tech debt. If an agent exists in your application and it’s localized to the data in that application, use it.”

But over time, an agent that’s independent of the application can be more effective, he says, and there’s a lot of lock-in that goes into applications. “It’s going to be easier every day to build the agent you want without having to buy a giant license. “The effort to get effective agents is dropping rapidly, and the justification for getting expensive agents from your enterprise software vendors is getting less,” he says.

The future of software

According to IDC, pure seat-based pricing will be obsolete by 2028, forcing 70% of vendors to figure out new business models.

With technology evolving as quickly as it is, JBGoodwin Realtors has already started to change its approach to buying tech, says Tull. It used to prefer long-term contracts, for example but that’s not the case anymore “You save more if you go longer, but I’ll ask for an option to re-sign with a cap,” he says.

That doesn’t mean SaaS will die overnight. Companies have made significant investments in their current technology infrastructure, says Patrycja Sobera, SVP of digital workplace solutions at Unisys.

“They’re not scrapping their strategies around cloud and SaaS,” she says. “They’re not saying, ‘Let’s abandon this and go straight to agentic.’ I’m not seeing that at all.”

Ultimately, people are slow to change, and institutions are even slower. Many organizations are still running legacy systems. For example, the FAA has just come out with a bold plan to update its systems by getting rid of floppy disks and upgrading from Windows 95. They expect this to take four years.

But the center of gravity will move toward agents and, as it does, so will funding, innovation, green-field deployments, and the economics of the software industry.

“There are so many organizations and leaders who need to cross the chasm,” says Sobera. “You’re going to have organizations at different levels of maturity, and some will be stuck in SaaS mentality, but feeling more in control while some of our progressive clients will embrace the move. We’re also seeing those clients outperform their peers in revenue, innovation, and satisfaction.”

Tech talent, especially with advanced and specialized skills, remains elusive. Findings from a recent IT global HR trends report by Gi Group show a 47% enterprise average struggles with sourcing and retaining talent. As a consequence, turnover remains high.

Another international study by Cegos highlights that 53% of 200 directors or managers of information systems in Italy alone say the difficulty of attracting and retaining IT talent is something they face daily. Cybersecurity is the most relevant IT problem but a majority, albeit slight, feels confident of tackling it. Conversely, however, only 8% think they’ll be able to solve the IT talent problem. IT team skills development and talent retention are the next biggest issues facing CIOs in Italy, and only 24% and 9%, respectively, think they can successfully address it.

“Talents aren’t rare,” says Cecilia Colasanti, CIO of Istat, the National Institute of Statistics. “They’re there but they’re not valued. That’s why, more often, they prefer to go abroad. For me, talent is the right person in the right place. Managers, including CIOs, must have the ability to recognize talents, make them understand they’ve been identified, and enhance them with the right opportunities.”

The CIO as protagonist of talent management

Colasanti has very clear ideas on how to manage her talents to create a cohesive and motivated group. “The goal I set myself as CIO was to release increasingly high-quality products for statistical users, both internal and external,” she says. “I want to be concrete and close the projects we’ve opened, to ensure the institution continues to improve with the contribution of IT, which is a driver of statistical production. I have the task of improving the IT function, the quality of the products released, the relevance of the management, and the well-being of people.”

Istat’s IT department currently has 195 people, and represents about 10% of the institute’s entire staff. Colasanti’s first step after her CIO appointment in October 2023 was to personally meet with all the resources assigned to management for an interview.

“I’ve been working at Istat since 2001 and almost everyone knows each other,” she says. “I’ve held various roles in the IT department, and in my latest role as CIO, I want to listen to everyone to gather every possible viewpoint. Because how well we know each other, I feel my colleagues have a high expectation of our work together. That’s why I try to establish a frank dialogue and avoid ambiguity. But I make it clear that listening doesn’t mean delegating responsibility. I accept some proposals, reject others, and try to justify choices.”

Another move was to reinstate the two problems, two solutions initiative launched in Istat many years ago. Colasanti asked staff, on a voluntary basis, to identify two problems and propose two solutions. She then processed the material and shared the results in face-to-face meetings, commenting on the proposals, and evaluating those to be followed up.

“I’ve been very vocal about this initiative,” she says, “But I also believe it’s been an effective way to cement the relationship of trust with my colleagues.”

Some of the inquiries related to career opportunities and technical issues, but the most frequent pain points that emerged were internal communication and staff shortages. Colasanti spoke with everyone, clarifying which points she could or couldn’t act on. Career paths and hiring in the public sector, for example, follow precise procedures where little could be influenced.

“I tried to address all the issues from a proactive perspective,” she says. “Where I perceived a generic resistance to change rather than a specific problem, I tried to focus on intrinsic motivation and people’s commitment. It’s important to explain the strategies of the institution and the role of each person to achieve objectives. After all, people need and have the right to know the context in which they operate, and be aware of how their work affects the bigger picture.”

Engagement must be built day by day, so Colasanti regularly meets with staff including heads of department and service managers.

Small enterprise, big concerns

The case of Istat stands out for the size of its IT department, but in SMEs, IT functions can be just a handful of people, including the CIO, and much of the work is done by external consultants and suppliers. It’s a structure that has to be worked with, dividing themselves between coordinating various resources across different projects, and the actual IT work. Outsourcing to the cloud is an additional support but CIOs would generally like to have more in-house expertise rather than depend on partners to control supplier products.

“Attracting and retaining talent is a problem, so things are outsourced,” says the CIO of a small healthcare company with an IT team of three. “You offload the responsibility and free up internal resources at the risk of losing know-how in the company. But at the moment, we have no other choice. We can’t offer the salaries of a large private group, and IT talent changes jobs every two years, so keeping people motivated is difficult. We hire a candidate, go through the training, and see them grow only to see them leave. But our sector is highly specialized and the necessary skills are rare.”

The sirens of the market are tempting for those with the skills to command premium positioning, and the private sector is able to attract talent more easily than public due to its hiring flexibility and career paths.

“The public sector offers the opportunity to research, explore and deepen issues that private companies often don’t invest in because they don’t see the profit,” says Colasanti. “The public has the good of the community as its mission and can afford long-term investments.”

Training builds resource retention

To meet demand, CIOs are prioritizing hiring new IT profiles and training their teams, according to the Cegos international barometer. Offering reskilling and upskilling are effective ways to overcome the pitfalls of talent acquisition and retention.

“The market is competitive, so retaining talent requires barriers to exit,” says Emanuela Pignataro, head of business transformation and execution at Cegos Italia. “If an employer creates a stimulating and rewarding environment with sufficient benefits, people are less likely to seek other opportunities or get caught up in the competition. Many feel they’re burdened with too many tasks they can’t cope with on their own, and these are people with the most valuable skills, but who often work without much support. So if the company spends on training or onboarding new people who support these people, they create reassurance, which generates loyalty.”

In fact, Colasanti is a staunch supporter of life-long learning, and the experience that brings balance and management skills. But she doesn’t have a large budget for IT training, yet solutions in response to certain requests are within reach.

“In these cases, I want serious commitment,” she says. “The institution invests and the course must give a result. A higher budget would be useful, of course, especially for an ever-evolving subject like cybersecurity.”

The need for leadership

CIOs also recognize the importance of following people closely, empowering them, and giving them a precise and relevant role that enhances motivation. It’s also essential to collaborate with the HR function to develop tools for welfare and well-being.

According to the Gi Group study, the factors that IT candidates in Italy consider a priority when choosing an employer are, in descending order, salary, a hybrid job offer, work-life balance, the possibility of covering roles that don’t involve high stress levels, and opportunities for career advancement and professional growth.

But there’s another aspect that helps solve the age-old issue of talent management. CIOs need to recognize more of the role of their leadership. At the moment, Italian IT directors place it at the bottom of their key qualities. In the Cegos study, technical expertise, strategic vision, and ability to innovate come first, while leadership came a distant second. But the leadership of the CIO is a founding basis, even when there’s disagreement with choices.

“I believe in physical presence in the workplace,” says Colasanti. “Istat has a long tradition of applying teleworking and implementing smart working, which everyone can access if they wish. Personally, I prefer to be in the office, but I respect the need to reconcile private life and work, and I have no objection to agile working. I’m on site every day, though. My colleagues know I’m here.”

기술 부채가 IT 조직을 마비시킬 위협 요인으로 떠오르자 상당수 CIO가 레거시 소프트웨어와 시스템 유지보수·업그레이드를 위해 서드파티 서비스 업체에 눈을 돌리고 있다. 매니지드 서비스 업체 엔소노(Ensono)가 실시한 설문조사 결과, IT 리더 100명 가운데 95명이 레거시 IT를 현대화하고 기술 부채를 줄이기 위해 외부 서비스 업체를 활용하고 있는 것으로 나타났다.

이 같은 움직임은 부분적으로 레거시 IT 비용 증가에서 비롯됐다. 응답자 가운데 거의 절반은 지난해 노후 IT 시스템 유지보수에 예산보다 더 많은 비용을 지출했다고 답했다. 더 큰 문제는 레거시 애플리케이션과 인프라가 IT 조직의 발목을 잡고 있다는 점이다. IT 리더 10명 가운데 9명은 레거시 유지보수가 AI 현대화 계획에 걸림돌이 되고 있다고 지적했다.

엔소노의 CTO 팀 베어먼은 “레거시 시스템 유지보수가 현대화 노력에 큰 방해가 되고 있다”라며, “전형적인 혁신가의 딜레마다. 혁신보다는 노후 시스템과 그 해결 방안에만 집중하고 있다”라고 지적했다.

일부 CIO는 레거시 시스템 운영을 서비스 업체에 맡기거나 외부 IT팀을 활용해 기술 부채를 정리하고 소프트웨어와 시스템을 현대화하고 있다. 베어먼은 레거시 시스템을 외부에 맡기는 기업이 증가하는 배경으로 고령화된 인력을 꼽았다. 기업 내부의 레거시 시스템 전문가가 은퇴하면서 축적된 지식도 함께 빠져나가고 있다는 의미다.

베어먼은 “이 일을 내부에서 직접 처리할 수 있는 인력이 많지 않다. 조직 내 인력이 고령화되고 퇴직자가 늘어나는 상황에서, 필요한 인재를 채용하기 어려운 영역에서는 외부에서 전문 인력을 찾아야 한다”라고 설명했다. 또, “MSP 모델 자체는 수십 년 전부터 존재했지만, 최근에는 예산을 확보하고 AI를 도입할 시간을 만들기 위해 MSP를 기술 부채 관리 수단으로 활용하는 흐름이 커지고 있다”라고 분석했다.

AI처럼 새로운 기술이 빠르게 확산되는 것도 이런 흐름에 일조하고 있다. 베어먼은 “한쪽에는 관리·유지해야 하는 레거시 문제가 있고, 다른 한쪽에는 수년 동안 경험하지 못한 속도로 발전하는 최신 기술이 있어 양쪽을 동시에 따라가기 어렵다”라고 덧붙였다.

위험의 아웃소싱

사이버 보안 서비스 업체 뉴빅(Neuvik)의 CEO 라이언 레이르빅은 레거시 IT 관리를 서비스 업체에 맡기는 흐름이 확대되고 있다는 점에 동의했다. 레이르빅은 레거시 시스템에 적합한 전문가를 매칭하는 등 여러 장점을 언급하면서도, CIO가 위험 관리를 위해 MSP를 활용하는 경향도 있다고 지적했다.

레이르빅은 “많은 장점 가운데 자주 언급되지 않는 핵심은 취약점 악용이나 서비스 중단 위험을 서비스 업체에 맡길 수 있다는 점”이라며, “취약점 발견과 패치, 전반적인 유지보수에 지속적으로 많은 비용이 드는 환경에서는 잘못 대응했을 때 발생하는 위험을 서비스 업체가 떠안게 되는 경우가 많다”라고 설명했다.

미 국방부(US Department of Defense)에서 비서실장 겸 사이버 부문 부국장을 지낸 레이르빅은 레거시 IT 유지보수 예산을 초과 집행한 IT 책임자가 많다는 것이 놀랄 일은 아니라고 말한다. 많은 조직이 현재 보유한 IT 인프라와 앞으로 전환해야 할 인프라 사이에서 필요한 인재 역량이 맞지 않는 상황에 놓여 있다고 지적하며, 레거시 소프트웨어와 시스템의 지속적인 유지보수 비용이 예상보다 더 많이 드는 경우도 잦다고 말했다.

레이르빅은 “초기 도입 비용이 1이라면, 유지보수 비용은 1X이기 때문에 예상하지 못한 거대한 유지보수 꼬리가 생긴다”라고 덧붙였다.

레거시 유지보수의 덫에서 벗어나려면 적절한 서드파티 업체를 고르는 선견지명과 선택 기준이 필요하다. 레이르빅은 “장기적인 관점에서 해당 업체와 향후 5년 계획이 맞물리는지 반드시 확인해야 한다. 또 조직의 목표와 업체가 제공하려는 지원 방향이 일치하는지도 점검해야 한다”라고 조언했다.

두 번 지불하는 비용

일부 IT 리더가 레거시 시스템 현대화를 서드파티 업체에 맡기고 있지만, IT 서비스 관리 및 고객 서비스 소프트웨어 업체 프레시웍스(Freshworks)가 최근 공개한 보고서는 이런 현대화 노력이 과연 효율적인지에 의문을 제기했다.

프레시웍스의 조사에서 응답자의 3/4 이상은 소프트웨어 도입에 예상보다 더 많은 시간이 걸린다고 답했고, 프로젝트 가운데 2/3은 예산을 초과했다고 응답했다. 프레시웍스의 CIO 아슈윈 발랄은 서드파티 서비스 업체가 이 문제를 해결해 주지 못할 수도 있다고 경고했다.

발랄은 “레거시 시스템이 너무 복잡해지면서 기업이 도움을 구하려고 서드파티 업체와 컨설턴트에 점점 더 의존하고 있지만, 실제로는 수준 이하의 레거시 시스템을 다른 수준 이하 레거시 시스템으로 바꾸는 결과에 그치는 경우가 많다”라며, “서드파티 업체와 컨설턴트를 추가하면 기존 문제를 해결하기보다는 새로운 복잡성만 더해 문제를 악화시키는 사례도 적지 않다”라고 지적했다.

해법은 서드파티 업체를 늘리는 것이 아니라 별도의 복잡한 작업 없이 바로 쓸 수 있는 새로운 기술을 도입하는 데 있다. 발랄은 “이론적으로 서드파티 업체는 전문성과 속도를 제공한다. 하지만 현실에서는 복잡한 기술을 도입하는 데 한 번, 해당 기술이 제대로 작동하도록 컨설턴트를 투입하는 데 또 한 번 등 두 번 비용을 지불하는 경우가 많다”라고 꼬집었다.

피하기 어려운 서드파티 업체 활용

사이버 보안 솔루션 업체 워치가드 테크놀로지스(WatchGuard Technologies)의 필드 CTO 겸 CISO 애덤 윈스턴은 상당수 IT 리더가 일정 수준의 서드파티 지원을 사실상 피할 수 없는 선택으로 보고 있다. 윈스턴은 오래된 코드를 업데이트하거나 워크로드를 클라우드로 이전하고 SaaS 도구를 도입하고, 사이버보안을 강화하는 등 대부분의 과제에서 이제 외부 지원이 필요하다고 말했다.

윈스턴은 노후 원격접속 도구와 VPN을 포함한 레거시 시스템이 쌓이면 기술 부채가 눈덩이처럼 불어나 조직을 짓누를 수 있다고 경고했다. 또, 아직 많은 조직이 클라우드나 SaaS 도구로 완전히 현대화하지 못한 상태이며, 전환 시점이 오면 외부 업체에 도움을 요청할 수밖에 없을 것이라고 내다봤다.

윈스턴은 “대부분 기업은 자체 애플리케이션을 설계·개발·운영하지 않고, 그런 영역에 기술 부채가 쌓여 있는 상황에서 하이브리드 IT 구조를 유지하고 있다”라며, “여전히 코로케이션과 온프레미스 중심이던 시절의 환경을 유지하는 기업도 많고, 이런 환경에는 거의 예외 없이 레거시 서버와 레거시 네트워크, 현대적인 설계나 아키텍처를 따르지 않는 레거시 시스템이 포함돼 있다”라고 설명했다.

이런 기업의 IT 리더는 노후 기술을 단계적으로 퇴역시키는 계획을 세우고, IT 투자가 가능한 한 최신 상태를 유지하도록 솔루션 업체의 책임을 명확히 하는 서비스 계약을 체결해야 한다. 윈스턴은 많은 솔루션 업체가 신제품을 내놓으면서 기존 제품 지원을 너무 쉽게 중단한다고 지적했다.

윈스턴은 “업그레이드를 하지 않을 계획이라면 레거시 지원 비용을 면밀히 따져 보고, 업그레이드할 수 없다면 어떻게 격리할 것인지에 대한 답을 준비해야 한다”라며, “업그레이드가 불가능할 경우 위험을 옮기기 위한 이른바 ‘무덤 격리 전략(graveyard segmentation strategy)’을 어떻게 설계할지도 고민해야 한다”라고 강조했다. 또 “솔루션 업체 실사 과정에서 이런 논의가 빠지는 경우가 많고, 그러다 문제가 터지면 조직이 뒤늦게 놀라게 된다”라고 덧붙였다.

그렇다고 CIO가 레거시 IT 전문성을 쌓는 방향으로 커리어를 설계하는 것은 피해야 한다. 윈스턴은 “소프트웨어나 구축 비용을 충분히 상각하지 못했다면, 앞으로 도입하는 모든 신규 애플리케이션에는 최신 컴포넌트를 사용하겠다고 스스로 다짐해야 한다”라고 강조했다.
dl-ciokorea@foundryco.com

In my experience leading ERP modernization projects and collaborating with IT and business executives, I’ve learned that technology alone rarely determines success, but mindset and architecture do. Gartner reports, “By 2027, more than 70% of recently implemented ERP initiatives will fail to fully meet their original business case goals.” ERP success now requires a fundamentally different architecture.

For decades, ERP systems have been the core of enterprise operations: managing finance, supply chain, manufacturing, HR and more. The same systems that once promised control and integration are now stifling flexibility, slowing innovation and piling up technical debt.

From what I’ve observed across multiple ERP programs, the problem isn’t ERP itself, but rather, it’s how we’ve come to think about it. Many organizations still treat ERP purely as a system of record, missing the broader opportunity in front of them.

The next era of business agility will be defined by ERP as a composable platform: modular, data-centric, cloud-native and powered by AI. In many of the organizations I’ve worked with, technology leaders aren’t debating whether to modernize the core. Instead, they’re focused on how to do it without stalling the business.

Forbes captures the shift succinctly: “it is anticipated that 75% of global businesses will begin replacing traditional monolithic ERP systems with modular solutions — driven by the need for enhanced flexibility and scalability in business operations.” This highlights ERP’s evolution from monolithic legacy suites to an adaptive, innovation-driven platform.

Those who embrace this shift will make ERP an enabler of innovation. Those who don’t will watch their core systems become their biggest bottleneck and stay held back.

From monoliths to modular backbones

In the 1990s and 2000s, ERP meant one vendor, one codebase and one massive implementation project touching every corner of the business. Companies spent millions customizing software to fit every process nuance.

I saw the next chapter unfold with the cloud era. Companies such as SAP, Oracle, Microsoft and Infor transitioned their portfolios to SaaS, while a wave of startups emerged with modular, industry-focused ERP platforms. APIs and services finally promised a system that could evolve with the business.

In one transformation I supported, our biggest turning point came when we stopped treating ERP as a single implementation. We began decomposing capabilities into modules that business teams could own and evolve independently.

But for many enterprises, that promise never fully materialized. The issue isn’t the technology anymore, but the mindset. In many organizations, ERP is still viewed as a finished installation rather than a living platform meant to grow and adapt.

The cost of the old mindset

Legacy ERP thinking simply can’t keep up with today’s pace of change. The result is slower innovation, fragmented data and IT teams locked in perpetual catch-up mode. Organizations need architectures that change as fast as the business does.

LeanIX, citing Gartner research, highlights the advantage: “Organizations that have adopted a composable approach to IT are 80% faster in new-feature implementation, particularly when using what Gartner defines as composable ERP platforms,” demonstrating the performance gap between modular ERP and traditional monolithic systems.

I’ve seen legacy ERP thinking carry a high price tag in real projects:

• Inflexibility: Business models evolve faster than software cycles. Traditional ERP can’t keep up.
• Over-customization: Years of bespoke code make upgrades risky and expensive.
• Data fragmentation: Multiple ERP instances and disconnected modules create inconsistent data and unreliable analytics.
• User frustration: Outdated interfaces drive workarounds and disengagement.
• High total cost of ownership: Maintenance and upgrades consume budgets that should fund innovation.

Enter the composable ERP

The emerging composable ERP model breaks this monolith apart. Gartner defines it as an architecture where enterprise applications are assembled from modular building blocks, connected through APIs and unified by a data fabric.

As LeanIX explains, “Composable ERP, built on modular and interoperable components, allows organizations to respond faster to change by assembling capabilities as needed rather than relying on a rigid, monolithic suite,” illustrating the transition from static ERP systems to a dynamic, adaptable business platform.

Having worked on both sides — custom development and packaged ERP — I’ve learned that the real power of composability lies in how easily teams can assemble, not just integrate, capabilities. Rather than seeing ERP as a single suite, think of it as the system that enables how an enterprise operates. The core processes — finance, supply chain, manufacturing, HR — are what make up the base. Modular features such as AI forecasting, customer analytics and sustainability tracking can plug in dynamically as the business evolves.

This approach enables organizations to:

• Mix and match modules from different vendors or in-house teams.
• Integrate best-of-breed cloud apps through standard APIs instead of brittle custom code.
• Leverage AI for automation, insights and predictive decisions.
• Deliver persona-based experiences tailored to each user’s role.

Personas: The human face of composable ERP

Traditional ERP treated every user the same, in which there would be one interface, hundreds of menus, endless forms. Composable ERP flips that script with persona-based design, built around what each role needs to accomplish.

• CFOs see real-time financial health across entities with AI-driven scenario modeling.
• Supply chain leaders monitor live demand signals, supplier performance and sustainability metrics.
• Plant managers track IoT-enabled equipment, predictive maintenance and production KPIs.
• Sales and service teams access operational data seamlessly without switching systems.

From my experience, when ERP is designed around real personas rather than generic transactions, adoption rises and decisions happen faster.

Challenges and pitfalls

These are not theoretical issues; they’re the practical challenges I see IT and business teams grappling with every day.

• Data governance: Without a unified data strategy, modularity turns to chaos.
• Integration complexity: APIs require discipline for versioning, authentication, semantic alignment.
• Vendor lock-in: Even open platforms can create subtle dependencies.
• Change management: Employees need support and training to unlearn old habits.
• Security: A more connected system means a larger attack surface. Zero-trust security is essential.

True success demands leadership that balances technical depth with organizational empathy.

The CIO’s new playbook

Through years of ERP work and collaboration between business and IT teams, I’ve realized that the biggest hurdle to ERP success is the belief that ERP is a fixed system instead of a constantly evolving platform for innovation.

This shift isn’t about tools, but rather it’s about redefining the ERP’s role in the business. McKinsey reinforces this reality, stating, “Modernizing the ERP core is not just a technology upgrade — it is a business transformation that enables new capabilities across the enterprise.” It’s a shift that calls for a fundamentally different playbook, especially for CIOs leading modernization efforts.

1. Start with the business architecture, not the software. Define how you want your enterprise to operate, then design ERP capabilities to fit.
2. Build a unified data fabric. A composable ERP lives or dies by consistent, high-quality data.
3. Adopt modular thinking incrementally. Start small by piloting a few modules, prove the value, then scale.
4. Empower fusion teams. Blend IT, operations and business experts into agile squads that compose solutions quickly.
5. Measure success by outcomes, not go-lives. The goal is agility and resilience and not a single launch date.
6. Push vendors for openness. Demand published APIs and true interoperability, not proprietary cloud labels.

Oracle reinforces this imperative: “Companies need to move toward a portfolio that is more adaptable to business change, with composable applications that can be assembled, reassembled and extended,” highlighting flexibility as a core selection criterion.

Reframe ERP as an innovation platform. Encourage experimentation with low-code workflows, analytics and AI copilots.

Looking ahead: When ERP becomes invisible

In a few years, we might not even use the term ERP. Like CRM’s evolution into customer experience platforms, ERP will fade into the background, becoming the invisible digital backbone of the enterprise.

I’ve watched ERP evolve from on-premises to cloud to AI-driven platforms. AI will soon handle transactions and workflows behind the scenes, while employees interact through conversational interfaces and embedded analytics. Instead of logging into systems, they’ll simply request outcomes — and the composable ERP fabric will dynamically orchestrate everything required to deliver them.

That future belongs to organizations rethinking ERP today. This isn’t just another upgrade cycle — it’s a redefinition of how enterprises operate.

From record-keeping to value creation

ERP was once about efficiency — tracking inventory, closing books, enforcing process discipline. Today, it’s about resilience and innovation. From my own journey across multiple ERP programs, I’ve seen that the CIO’s challenge isn’t just keeping systems running, but also architecting agility into how the enterprise operates.

Composable ERP, which is built on cloud, AI and human-centered design, is the blueprint. It turns ERP from a system of record into a system of innovation that evolves as fast as the market around it.

The opportunity is clear: Lead the transformation or risk maintaining yesterday’s architecture while others design tomorrow’s enterprise.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

As tech debt threatens to cripple many IT organizations, a huge number of CIOs have turned to third-party service providers to maintain or upgrade legacy software and systems, according to a new survey.

A full 95% of IT leaders are now using outside service providers to modernize legacy IT and reduce tech debt, according to a survey by MSP Ensono.

The push is in part due to the cost of legacy IT, with nearly half of those surveyed saying they paid more in the past year to maintain older IT systems than they had budgeted. More importantly, dealing with legacy applications and infrastructure is holding IT organizations back, as nearly nine in 10 IT leaders say legacy maintenance has hampered their AI modernization plans.

“Maintaining legacy systems is really slowing down modernization efforts,” says Tim Beerman, Ensono’s CTO. “It’s the typical innovator’s dilemma — they’re focusing on outdated systems and how to address them.”

In some cases, CIOs have turned to service providers to manage legacy systems, but in other cases, they have looked to outside IT teams to retire tech debt and modernize software and systems, Beerman says. One reason they’re turning to outside service providers is an aging employee base, with internal experts in legacy systems retiring and taking their knowledge with them, he adds.

“Not very many people are able to do it themselves,” Beerman says. “You have maturing workforces and people moving out of the workforce, and you need to go find expertise in areas where you can’t hire that talent.”

While the MSP model has been around for decades, the move to using it to manage tech debt appears to be a growing trend as organizations look to clear up budget and find time to deploy AI, he adds.

“If you look at the advent of lot of new technology, especially AI, that’s moving much faster, and clients are looking for help,” Beerman says. “On one side, you have this legacy problem that they need to manage and maintain, and then you have technology moving at a pace that it hasn’t moved in years.”

Outsourcing risk

Ryan Leirvik, CEO at cybersecurity services firm Neuvik, also sees a trend toward using service providers to manage legacy IT. He sees several advantages, including matching the right experts to legacy systems, but CIOs may also use MSPs to manage their risk, he says.

“Of the many advantages, one primary advantage often not mentioned is shifting the exploitation or service interruption risk to the vendor,” he adds. “In an environment where vulnerability discovery, patching, and overall maintenance is an ongoing and expensive effort, the risk of getting it wrong typically sits with the vendor in charge.”

The number of IT leaders in the survey who overspent their legacy IT maintenance budgets also doesn’t surprise Leirvik, a former chief of staff and associate director of cyber at the US Department of Defense.

Many organizations have a talent mismatch between the IT infrastructure they have and the one they need to move to, he says. In addition, the ongoing maintenance of legacy software and systems often costs more than anticipated, he adds.

“There’s this huge maintenance tail that we weren’t expecting because the initial price point was one cost and the maintenance is 1X,” Leirvik says.

To get out of the legacy maintenance trap, IT leaders need foresight and discipline to choose the right third-party provider, he adds. “Take the long-term view — make sure the five-year plan lines up with this particular vendor,” he says. “Do your goals as an organization match up with where they’re going to help you out?”

Paying twice

While some IT leaders have turned to third-party vendors to update legacy systems, a recently released report from ITSM and customer-service software vendor Freshworks raises questions about the efficiency of modernization efforts.

More than three-quarters of those surveyed by Freshworks say software implementations take longer than expected, with two-thirds of those projects exceeding expected budgets.

Third-party providers may not solve the problems, says Ashwin Ballal, Freshworks’ CIO.

“Legacy systems have become so complex that companies are increasingly turning to third-party vendors and consultants for help, but the problem is that, more often than not, organizations are trading one subpar legacy system for another,” he says. “Adding vendors and consultants often compounds the problem, bringing in new layers of complexity rather than resolving the old ones.”

The solution isn’t adding more vendors, but new technology that works out of the box, Ballal adds.

“In theory, third-party providers bring expertise and speed,” he says. “In practice, organizations often find themselves paying for things twice — once for complex technology, and then again for consultants to make it work.”

Third-party vendors unavoidable

Other IT leaders see some third-party support as nearly inevitable. Whether it’s updating old code, moving workloads to the cloud, adopting SaaS tools, or improving cybersecurity, most organizations now need outside assistance, says Adam Winston, field CTO and CISO at cybersecurity vendor WatchGuard Technologies.

A buildup of legacy systems, including outdated remote-access tools and VPNs, can crush organizations with tech debt, he adds. Many organizations haven’t yet fully modernized to the cloud or to SaaS tools, and they will turn to outside providers when the time comes, he says.

“Most companies don’t build and design and manage their own apps, and that’s where all that tech debt basically is sitting, and they are in some hybrid IT design,” he says. “They may be still sitting in an era dating back to co-location and on-premise, and that almost always includes legacy servers, legacy networks, legacy systems that aren’t really following a modern design or architecture.”

Winston advises IT leaders to create plans to retire outdated technology and to negotiate service contracts that lean on vendors to keep IT purchases as up to date as possible. Too many vendors are quick to drop support for older products when new ones come out, he suggests.

“If you’re not going to upgrade, do the math on that legacy support and say, ‘If we can’t upgrade that, how are we going to isolate it?’” he says. “‘What is our graveyard segmentation strategy to move the risk in the event that this can’t be upgraded?’ The vendor due diligence leaves a lot of this stuff on the table, and then people seem to get surprised.”

CIOs should avoid specializing in legacy IT, he adds. “If you can’t amortize the cost of the software or the build, promise yourself that every new application that’s coming into the system is going to use the latest component,” Winston says.

For CIOs, the conversation around AI has moved from innovation to orchestration, and project management, long a domain of human coordination and control, is rapidly becoming the proving ground for how intelligent systems can reshape enterprise delivery and accelerate transformation.

In boardrooms across industries, CIOs face the same challenge of how to quantify AI’s promise in operational terms: shorter delivery cycles, reduced overhead, and greater portfolio transparency. A 2025 Georgia Institute of Technology-sponsored study of 217 project management professionals and C-level tech leaders revealed that 73% of organizations have adopted AI in some form of project management.

Yet amid the excitement, the question of how AI will redefine the role of the project manager (PM) remains, as does how will the future framework for the business transformation program be defined.

A shift in the PM’s role, not relevance

Across industries, project professionals are already seeing change. Early adopters in the study report project efficiency gains of up to 30%, but success depends less on tech and more on how leadership governs its use. The overwhelming majority found it highly effective in improving efficiency, predictive planning, and decision-making. But what does that mean for the associates running these projects?

Roughly one-third of respondents believed AI would allow PMs to focus more on strategic oversight, shifting from day-to-day coordination to guiding long-term outcomes. Another third predicted enhanced collaboration roles, where managers act as facilitators who interpret and integrate AI insights across teams. The rest envisioned PMs evolving into supervisors of AI systems themselves, ensuring that algorithms are ethical, accurate, and aligned with business goals.

These perspectives converge on a single point: AI will not replace PMs, but it will redefine their value. The PM of the next decade won’t simply manage tasks, they’ll manage intelligence and translate AI-driven insights into business outcomes.

Why PMOs can’t wait

For project management offices (PMOs), the challenge is no longer whether to adopt AI but how. AI adoption is accelerating, with most large enterprises experimenting with predictive scheduling, automated risk reporting, and gen AI for documentation. But the integration is uneven.

Many PMOs still treat AI as an add-on, a set of tools rather than its strategic capability. This misses the point since AI is about augmenting judgment and automation. The organizations gaining a real competitive advantage are those embedding AI into their project methodologies, governance frameworks, and performance metrics with this five-point approach in mind.

1. Begin with pilot projects

Think small, scale fast. The most successful AI integrations begin with targeted use cases that automate project status reports, predict schedule slippage, or identify resource bottlenecks. These pilot projects create proof points, generate enthusiasm, and expose integration challenges early.

2. Measure value, not just activity

One common pitfall is adopting AI without clear performance metrics. PMOs should set tangible KPIs such as reduction in manual reporting time, improved accuracy in risk forecasts, shorter project cycle times, and higher stakeholder satisfaction. Communicating these outcomes across the organization is just as important as achieving them. Success stories build momentum, foster buy-in, and demystify AI for skeptical teams.

3. Upskill PMs

AI will only be as valuable as the people who use it. Nearly half of the surveyed professionals cited lack of a skilled workforce as a barrier to AI integration. Project managers don’t need to become data scientists, but they must understand AI fundamentals, how algorithms work, where biases emerge, and what data quality means. In this evolving landscape, the most effective PMs will combine data literacy with human-centered leadership, including critical thinking, emotional intelligence, and communication.

4. Strengthen governance and ethics

Increasing AI raises pressing ethical questions, especially when algorithms influence project decisions. PMOs must take the lead in establishing AI governance frameworks that emphasize transparency, fairness, and human oversight. Embedding these principles into the PMO’s charter doesn’t just mitigate risk, it builds trust.

5. Evolve from PMO to BTO

The traditional PMO focuses on execution through scope, schedule, and cost. But AI-driven organizations are shifting toward business transformation offices (BTOs), which align projects directly with strategic value creation through process improvement in parallel. A PMO ensures projects are done right. A BTO ensures the right projects are done. A crucial element of this framework is the transition from a Waterfall to an Agile mindset. The evolution of project management has shifted from rigid plans to iterative, customer-centric, and collaborative methods, with hybrid methodologies becoming increasingly common. This Agile approach is vital for adapting to the rapid changes brought by AI and digital disruption.

The new PM career path

By 2030, AI could manage most routine project tasks, such as status updates, scheduling, and risk flagging, while human leaders focus on vision, collaboration, and ethics. This shift mirrors past revolutions in project management from the rise of Agile to digital transformation, but at an even faster pace. But as organizations adopt AI, the risk of losing the human element persists. Project management has always been about people and aligning interests, resolving conflicts, and inspiring teams. However, while AI can predict a delay, it can’t motivate a team to overcome it. The PM’s human ability to interpret nuance, build trust, and foster collaboration remains irreplaceable.

A call to action

AI represents the next frontier in enterprise project delivery, and the next decade will test how well PMOs, executives, and policymakers can navigate the evolution of transformation. To thrive, organizations must invest in people as much as in platforms, adopt ethical, transparent governance, foster continuous learning and experimentation, and measure success by outcomes rather than hype.

For CIOs, the mandate is clear: lead with vision, govern with integrity, and empower teams with intelligent tools. AI, after all, isn’t a threat to the project management profession. It’s a catalyst for its reinvention, and when executed responsibly, AI-driven project management will not only deliver operational gains but also build more adaptive, human-centered organizations ready for the challenges ahead. By embracing it thoughtfully, PMs can elevate their roles from administrators to architects of change.

For marketing teams under pressure to deliver more content at higher quality and in less time,  Firefly Boards introduces a new AI-driven way to brainstorm, explore, and align. Built into Adobe Firefly, Boards provides a centralized space where teams can generate, refine, and collaborate on creative ideas using leading AI models from Adobe and partners including Black Forest Labs, Google, Luma AI, Moonvalley, Pika, Marey, and Runway.

Adobe Firefly AI solutions help businesses meet the increasing demand for content. From accelerating ideation and editing to streamlining bulk production and assembly, Firefly is the leading technology powering creation and production at scale.

A unified workspace for faster ideation

Marketing campaigns rely on quick iteration, strong collaboration, and early alignment. Firefly Boards eliminates the friction of jumping between tools, manually sourcing assets, and navigating long feedback cycles. Instead, your team can work together in one shared environment where:

• Ideas are generated, refined, and evaluated in real time
• Stakeholders collaborate directly on the canvas
• Visual concepts are aligned early in the creative process
• Teams move from inspiration to activation significantly faster

This streamlined workflow supports faster decision-making and more efficient campaign development.

Powerful capabilities for creative exploration

With Firefly Boards, your marketing team can:

• Generate campaign imagery and video concepts using Adobe and partner AI models
• Leverage style and composition references to match brand look and feel
• Remix and combine concepts to test creative directions
• Apply visual elements — such as lighting or color — from one asset to another
• Seamlessly continue production work in Adobe Photoshop or Adobe Express
• Share Boards with cross-functional teams for instant feedback and alignment

These capabilities help marketing teams test more ideas, refine concepts quickly, and produce higher-quality creative outputs.

New features designed for speed and control

Firefly Boards now incorporates new tools that help marketers move from concept to campaign materials more efficiently:

• Presets: One-click generation across key styles — Product, Character, Virtual Try-On, Electric Party, and more — powered by Adobe Firefly and partner models.
• Generative Text Edit (beta): Update or replace text inside visuals directly within Boards, enabling quick iteration without disrupting workflows.
• Describe Image: Automatically generate a ready-to-edit prompt based on any existing image, making it easy to adapt and evolve campaign concepts.

These enhancements provide greater control, reduce guesswork, and accelerate the creative review process.

Ease management of your company’s marketing software

Firefly Boards is one AI tool within the broad scope of Adobe Firefly and Adobe Creative Cloud.  If your marketing team is already using Creative Cloud for teams, they already have access to many Firefly tools.  Firefly complements the design work your team is doing to create campaigns and brand tools that make your company stand out.  From a software deployment and management perspective, you gain ease of deployment and management when your marketing teams work with integrated apps managed at a unified console level.  Get 24/7 technical support and explore step-by-step product tutorials.

Learn more about Firefly Board here.

Ever feel like you’re buried in documents? Between reports, research, contracts, and meeting notes, business professionals often find themselves scrambling to summarize documents so they can get the information they need in time to act. 

They’re constantly preparing presentations, comparing proposals, and just trying to keep pace with a growing workload — and manual reviews are too slow and error-prone when they need to be productive. 

What your business needs is an AI-powered solution that reduces employee workloads by doing the heavy lifting, letting them search, summarize, and collaborate on documents all in one place. 

Representing the next generation of Adobe Acrobat and one of the best AI workspaces for faster, more focused document summarization, Adobe Acrobat Studio is designed to address these challenges. 

Together, these tools make Acrobat Studio one of the best AI workspaces for teams.  

Now, let’s explore the six best ways that AI can be used for document assistance for smarter work every day. 

6 ways to summarize documents in Adobe Studio

1. Consolidate and summarize multiple sources in PDF Spaces: In Acrobat Studio, you can combine a batch of multiple files – like reports, research studies, and meeting notes – into a single PDF Space. Once that happens, you can use Acrobat AI Assistant to identify key insights and generate concise summaries to see the big picture faster. 
2. Chat with documents using AI Assistant: The AI document assistant can be a great research partner. Ask it questions and get quick answers, or request a short overview of any document. AI Assistant works across a wide range of source types – including PDFs, Word docs, JPGs, PPT slides, web links, plain text, and scans – to help better understand content in seconds, synthesize it into key concepts and takeaways, or create summaries to share with others. 
3. Get instant summaries anywhere, anytime: Whether individuals are using the Acrobat desktop app, Acrobat web, or a mobile device, AI Assistant in PDF Spaces provides quick summaries and short takeaways on-demand. On mobile, teams can even use voice prompts while on the go for hands-free interactions that keep them productive — and safe. 
4. Verify and trust every summary with source citations: Each AI-generated summary includes clickable citations, so you can trace insights back to their original source in documents to verify accuracy, ensure personal relevance, and learn more. You’ll always know where the information came from — so you can make smarter decisions based on trusted insights. 
5. Compare and contrast different files effortlessly: Need to understand changes between two contracts or find patterns across reports? AI Assistant highlights similarities and differences  almost instantly, saving hours of tedious back-and-forth comparisons and manual toggling between files. 
6. Break down complex documents with ease: Got a document that’s full of technical jargon or complex concepts? AI Assistant can simplify dense language into clear, easy-to-understand explanations to help individuals grasp complex information faster and more accurately. 

Acrobat Studio provides clear, concise summaries quickly to help teams work smarter and faster. The platform’s AI-powered insights are built on Acrobat’s long-standing reputation for security and precision — and you can trust the documents and data that is uploaded to remain your own. Adobe does not use your content to train its generative AI models. (Learn more about how Adobe protects documents and content using responsible practices.) 

Help your teams remain productive anywhere with desktop, web, and mobile app access, and use Chrome or Edge browser extensions for quick edits and reviews. Acrobat Studio also integrates seamlessly with Microsoft 365, Dropbox, and other third-party cloud storage tools, to keep workflows connected. 

Whether they’re reviewing a single document or managing hundreds, Adobe Acrobat is one of the best AI platforms for summarizing documents — and one that combines the precision and trust of Acrobat with the creativity and intelligence of an all-in-one AI workspace. 

Try Acrobat Studio and experience how fast and simple document summarization can be. 

Today’s business professionals are looking for ways to work smarter and faster as they create content that stands out and attracts attention. But when you’re juggling multiple tools for writing, designing, and collaborating on documents, productivity can stall. 

Enter Adobe Acrobat Studio — the next generation of Acrobat, and one of the best AI creative workspaces. Adobe invented the PDF and is trusted by millions of users at over 745,000 organizations worldwide. In fact, more than 400 billion PDFs were opened or created with Acrobat in the past year alone. 

Now, Acrobat Studio is taking Acrobat’s established history to the next level, integrating all the core PDF tools you know and love into a completely re-imagined, all-in-one AI workspace to boost productivity and streamline document formatting workflows.  

With AI capabilities, seamless collaboration, and Adobe Express all in the same place, Acrobat Studio is designed to help individuals do their best work faster, with less stress, and create the most impactful content. Your teams can use Acrobat Studio and its smart, AI-powered tools to create beautiful documents that stand out, all in one of the most trusted AI workspaces. 

Why today’s users need a smarter, all-in-one workspace 

Acrobat Studio is designed to meet the needs of =business professionals who want a streamlined way to create, edit, share, and collaborate on documents, without having to toggle between different apps.

The goals are the same: intuitive design tools that increase productivity and efficiency, and a highly secure AI workspace where data and ideas are protected. Today’s professionals also want to use AI for document assistance, and prefer a single, integrated solution for drafting, designing, and collaborating, across all devices. Enter, the next era of Acrobat. 

Meet Acrobat Studio: The new Acrobat experience 

Acrobat Studio brings together: 

• PDF Spaces: AI-powered workspaces for learning, ideating, organizing, collaborating, and sharing knowledge
• AI Assistants: Create summaries, brainstorm ideas, and draft & refine content 
• Adobe Express design power: Produce stunning deliverables by easily stylizing your PDFs, creating custom AI images, and choosing from professionally-designed templates 
• Highly-secure collaboration: Share seamlessly and work together with easy review tools 
   

The best part: Teams have access to all these features in a single, smooth workflow throughout an entire project — without needing to work from multiple other platforms or apps. 

Work In sync, anywhere

With Acrobat Studio, a streamlined workflow follows individuals almost anywhere they choose to go. They can: 

• Work on the web, a Mac or Windows desktop, or mobile app with the Acrobat Reader app 
• Use the Chrome and Edge browser extensions to streamline reviews and edits 
• Take advantage of third-party cloud storage integrations — including Microsoft 365, Dropbox, and more — to collaborate and work seamlessly 
   

Create, collaborate, and elevate content with Acrobat Studio 

Acrobat is re-imagining document creation. Acrobat Studio is an all-in-one experience, where learning, thinking, writing, design, and collaboration happen seamlessly in one of the most trusted AI workspaces, with tools used by business professionals and content creators all over the world. 

From analysis and ideation to document formatting and content production, Acrobat Studio puts powerful AI and creativity tools at people’s fingertips to build faster, work smarter, and make every project amazing. 

Try Acrobat Studio today to see how AI, creativity, and collaboration come together in one platform. 

With the end of the year around the corner, I’ve been hearing a common refrain from enterprise IT and transformation leaders: “What budget should I allocate for AI agents in 2026?” The question comes as no surprise. While the rest of their organization might be winding down for the holidays, CIOs are gearing up for one of the most high-stakes planning cycles of the last decade.

AI agents are line items in almost every boardroom agenda. CIOs and CTOs are fielding a barrage of requests from their leadership cohort around “Where are our agents? What outcomes are we expecting? What’s the plan for next year?” According to Forrester, CIOs are set to receive more budget for AI in 2026, but it’s a case of more money, more problems. Next year, IT and tech leaders can expect continued business volatility and intensified pressure to justify every AI dollar is well spent.

As CIOs set their AI budgets, it’s worth taking a reality check: many AI projects are still struggling to make it from pilot to production, or if they do make it to production, they quickly find their use case cannot deliver the ROI they had hoped. That’s why I believe 2026 is a defining budget cycle. The organizations that select the right projects, invest in talent and capabilities and carefully consider the architecture needed to support agents at scale will build sustainable competitive advantages. As for the others? They’ll burn time and money on doomed pilots and incremental tools that offer no real business impact. To make smart bets for a critical year ahead, CIOs must start with understanding how AI agents can deliver real business outcomes instead of just excitement.

What do customers and employees actually want from AI agents? 

The reason AI agents are getting board-level attention is the promise to bridge the gap between human intent and business effect through automation. Over the course of the year, I’ve consulted with hundreds of enterprise leaders seeking to transform their business with AI agents. The ones able to turn those aspirations into transformations all possessed a similar ingredient – they identified the right use cases to start with. Any CIO and any organization can get this part right.

So what do customers and employees actually want from AI agents? Almost every high-impact AI agent project I’ve seen this year boils down to the same simple concept: a user expresses an intention, and an agent takes action on their behalf to deliver an outcome. This is the paradigm that separates agentic AI from chatbots. Agents promise to go beyond just information retrieval or recommendations. That capability is valuable, no doubt, but it’s table stakes in today’s AI world. Customers and employees don’t just want responses or insights; they want assistants that can take tangible actions. They don’t just want AI to help them navigate their supply chain orders across SAP modules; they want to say “order 10 tons of product” and have their agent deliver that outcome end to end.

The majority of successful AI agent projects I’ve seen look just like this. Agents for internal teams focus on meaningful ways to improve productivity by empowering workers to turn complex processes into simple requests. No one, especially anyone under 30, wants to spend time learning how to point-and-click their way through a needlessly complex user interface on a SaaS platform. Forward-thinkers are building their agents to ride a layer above core products to turn intention into outcomes. The ROI in these cases is driven by cost and time savings for the business, at scale.

As agentic capabilities evolve, I’m increasingly seeing this same concept also being applied to AI agents that reinvent the customer experience. Look at the mortgage industry for an example. These lenders report a high drop-off rate in online mortgage applications. The reality is that mortgage applications can be quite complicated. The average applicant is often overwhelmed by financial jargon or documents they may not have readily available. If the user gets confused and steps away, odds are they won’t come back. Now, imagine replacing that with an AI agent that interacts with the core service. It can answer questions, translate complex financial terms into plain terms in real-time, save the session if needed and securely reach out for bank documents. Just a 1-2% increase in completed applications from this represents a material impact on the bottom line. That’s high-impact for the business.

Don’t swing for the fences, just get on base 

As you’re allocating your budget for AI in 2026, here’s my advice: stop chasing moonshots. These vaguely scoped, overgeneralized agent dreams are often expensive, they rarely ship and they burn resources faster than they can create value. Instead, look for opportunities to hit singles and doubles. Keep your eye out for specific, high-value and outcome-driven projects that can deliver wins in months, not years. I’ll walk you through the coaching that I use with enterprise leaders planning AI projects.

Start with this question: What are 10 processes that are repetitive, well-documented and still being manually performed by humans? Score each one on a 1-10 scale across these three dimensions: the impact if you automated it, the risk if the project fails (where 10 is catastrophic) and the complexity to build and deploy it. The winning formula is high impact, low risk and low complexity. That’s your AI sweet spot. Aim your swings there.

One pharmaceutical company used this exact framework and landed on a sleeper hit: agent-based adverse event report processing. That’s not glamorous, but it freed up 40% of the team’s time that went back into actual drug discovery. In sales, I’m seeing teams use agents to create content production pipelines for outbounds, proposals and follow-ups, which helps speed up cycle times and frees reps to focus on closing deals. In financial services, agents are automating tedious back-office processes that are expensive and labor-intensive, cutting costs and reducing turnaround times by days.

Nailing the ROI formula for AI Agents 

So you’ve honed in on the right projects for 2026 AI agents, now comes the hard part: the investment. This is not free; you’ve got to make tough decisions about how to appropriate the budget and how to beef up the teams that will actually go build them. But first, you need to understand something critical about the ROI formula. Return and investment mean widely different things from company to company. 

At the enterprise scale, the value proposition for AI rests much more on increasing the bottom line. Enterprises have many more customers, opportunities for efficiency and additional sources of revenue. So even a one to two percent upside on a critical workflow, such as customer acquisition or cost reduction, can yield a material improvement to the bottom line. The scale at which enterprises operate changes the calculus for what automation flows should look like, due to the impact on their core business.

CIOs across the board must assemble the right team and ensure it is properly budgeted and staffed (I wrote on this topic earlier this year). On top of that, organizations must ensure they’re building AI agents the right way. Your ROI is fundamentally dependent on your ability to scale AI agents across all different teams in your business. Without security, compliance and governance built in from the start, you can’t scale at all. You need to solve for thousands of users, each with their own permissions, and be able to trace every action the agent takes on their behalf. Build these guardrails in from day one, and your agents can become force multipliers. Otherwise, they will drown under token costs to LLMs while the projects never go beyond a prototype.

If 2025 was the introduction to AI agents, then 2026 will be when the winners start to emerge. The companies that break away from the pack won’t be those that talked the loudest about agents or ran the most proof-of-cycle concepts. It will be the ones who shipped them to production and saved time, made money or created new customer experiences that resonate.  The difference won’t be luck; it will come down to those who approach agents with smart design, the right use case selection and informed bets on the teams and technology to bring automation to life. The right plan could change your company’s entire trajectory.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

Artificial intelligence is the most transformative technology shift since the birth of cloud computing.

Two decades ago, cloud platforms changed how enterprises thought about infrastructure. Right now, as you’re reading this, AI platforms are changing how enterprises think about intelligence.

The parallels between the two are well worth highlighting. In the early 2000s, CIOs debated whether to build their own data centers or trust a shared platform like AWS. Now, 20 years on, they’re asking a similar question: should we build our own large language models, or build on them?

I believe that the lesson from the cloud era still applies. Competitive advantage comes from leveraging the platforms that already exist and innovating on top of them rather than owning the infrastructure. Let’s get into why that’s the case.

The cloud’s first lesson: Leverage, don’t reinvent

When the first generation of cloud services appeared, their broadest appeal was speed. Developers could launch applications in minutes instead of months.

However, while speed was the most obvious appeal here, the cloud’s real breakthrough was strategic. By handing off infrastructure management, companies could redirect their energy toward experience and innovation.

The enterprises that tried to replicate the “hyperscalers” by building their own clouds from scratch discovered how hard it was to keep up with the pace of platform evolution. Costs ballooned at the same time that velocity disappeared. Those who embraced the leverage model (using shared platforms as a foundation) moved faster and spent less.

AI is now at the same crossroads. The instinct to build proprietary models from the ground up feels familiar, but it’s no more the right move than it was with cloud. Large language models have become a new layer of digital infrastructure that is analogous to compute and storage in the cloud era. They are utilities that are powerful, scalable and continuously improving through collective use.

I believe that owning the plumbing no longer differentiates you, and that it never did. The question for leaders isn’t “Can we build our own model?” It’s “What unique value can we deliver by building upon one?”

The power of open ecosystems

The rise of cloud was never about one product. It was about an ecosystem that invited participation. I worked at AWS, and I can tell you that its greatest innovation was an architecture that encouraged others to build on top of it. Every API call became a building block for something new.

AI platforms are following the same pattern. Tools like OpenAI, Anthropic and others are offering open interfaces and SDKs that turn intelligence into an accessible service. This openness fuels compounding innovation in the form of an ecosystem that every developer, data scientist and business analyst can contribute to.

Enterprises that align with open ecosystems benefit from shared progress. They can experiment without owning the entire stack and move faster as the underlying technology improves. Closed systems, though, tend to stagnate. When innovation depends solely on internal capacity, growth slows, costs rise and talent disperses.

From what I’ve seen across my career, the future belongs to platforms that treat users as co-creators. Products and ecosystems scale exponentially because every user is also a contributor!

The feedback flywheel

Feedback is one of technology’s most underappreciated engines of progress. I remember AWS famously saying that 90% of its roadmap came directly from customer requests. When I was there, I saw firsthand how each improvement drove more usage, which generated more feedback, which drove more innovation.

AI systems are built on the same dynamic. Reinforcement learning, fine-tuning and user telemetry all feed the model’s evolution. Every query, correction or prompt becomes a signal that refines the next response.

This feedback flywheel is now extending into enterprise AI adoption. Each workflow, chat interaction and model output is an opportunity to learn. The organizations that intentionally design feedback loops to flow between users, data and developers evolve their systems faster than those treating AI as a static tool. The former will become industry leaders while the latter lags behind.

What does this look like it practice? Teams must instrument AI use cases with metrics, monitor accuracy and context, and close the loop quickly when things go wrong. Feedback is a strategy for continuous learning, not some trivial support function.

The most advanced AI organizations are the ones with the tightest feedback loops, not the biggest models.

Platform thinking inside the enterprise

What does all of this mean for CIOs and technology leaders? It means applying the principles of platform thinking within your own walls.

I tell my clients to start by viewing their enterprise not as a collection of systems, but as a platform others can build upon. Create reusable AI capabilities like data pipelines, governance frameworks and integration patterns that different business units can safely leverage. Encourage decentralized innovation by giving teams the guardrails and APIs to experiment.

In the cloud era, self-service infrastructure changed how developers worked. In the AI era, self-service intelligence is doing the same. Marketing teams generate insights from unstructured data, HR automates knowledge discovery for onboarding, finance uses AI-powered forecasting to model business outcomes, and so on and so forth. Each function builds on a shared foundation while adding its own flavor of domain expertise.

CIOs play the critical role of orchestrator. Their job is to ensure interoperability, security and ethical use while enabling freedom at the edge. That balance between control and creativity will define the next generation of enterprise leaders.

Avoiding the reinvention trap

There’s a natural temptation to build everything in-house, especially in technology-driven organizations. It feels safer and more controllable, but history shows how easily that instinct can slow progress.

I’ve seen enterprises that tried to build their own private clouds fail to match the scale or speed of public ones. The same is true of AI. Training proprietary models consumes extraordinary compute and talent, while the underlying platforms advance faster than any single company can replicate.

The smarter move is to differentiate at the application layer through data strategy, user experience and domain-specific integration. Build the intelligence that understands your business while also relying on established platforms for the generic cognition that everyone needs.

The organizations that thrive will be those that orchestrate AI across their ecosystems, not those that try to reinvent it in isolation.

The leadership imperative

AI represents a once-in-a-generation shift. However, like every major shift before it, the winners will be those who learn the right lessons from history.

The cloud taught us that leverage beats ownership, ecosystems beat silos and feedback beats static roadmaps. AI simply brings those lessons into a new domain.

For CIOs and senior technology leaders, the mandate is clear: build architectures that learn and that use open ecosystems to accelerate progress. Make feedback a cultural habit instead of an afterthought. Focus your talent on solving unique business problems instead of replicating what the platforms already provide.

The question isn’t whether AI will transform your enterprise; it already is. The question is whether you’ll build on the right platform to make that transformation sustainable, ethical and fast.

I believe that the future belongs to leaders who understand that innovation is about what you enable, not ‘just’ about what you own.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

The increasing hype around AI has exceeded any other technology shift, perhaps ever. This has been met with a corresponding amount of investment. Gartner estimates worldwide spending on AI through 2025 will be nearly $1.5 trillion. Despite the staggering amount, most organizations continue to grapple with a chronic gap between promise and realized value.

The most widely recognized data point to support this comes from an MIT report from earlier this year that reveals 95% of gen AI pilots fail. A McKinsey study also found that nearly 80% of companies use gen AI, yet almost as many report no significant impact to the bottom line.

But there’s proof AI is working, if modestly. The 2025 Cisco AI Readiness Index shows 13% of all companies get consistently measurable returns from AI. So while this is a minority, leading organizations are starting to see value. But the origins of that value increasingly stem from leadership clarity, strategic alignment, and execution, not the technology itself. The Cisco AI Readiness Index measured this and found 99% of companies that have realized value from AI have a well-defined strategy that embraces change, and includes formal programs to help employees get comfortable with the new technology.

Today’s CEOs and CIOs face a generational inflection point. They must redefine success for AI not as a means of cost-cutting, but as a driver for capacity creation, innovation, and human-centric outcomes. The path forward requires breaking down work, reassessing where automation helps, and empowering talent to focus on growth and transformation.

Setting the stage: AI promise vs. reality

Among many CIOs, the biggest challenge is the C-Suite and board know they need AI but aren’t sure what for. This creates unrealistic expectations that AI will be a panacea to all problems and send productivity skyrocketing. When the outcomes are unrealistic, a successful project may be deemed unsuccessful because the initial goals were incorrect. A contributing factor to this problem is that many business units don’t have the KPIs to create the business metrics to measure.

An example of this is with contact centers where AI agents could be used for agent coaching, virtual agents, scheduling, scoring calls, note taking and more. Measuring the value of these can be difficult, so many businesses have defaulted to cutting costs by reducing agents. This can backfire if not done in a measured way. Klarna, for instance, eliminated about 700 agents, saw customer service scores tank, and then hired people back. This wasn’t a technology problem but rather leadership didn’t put the right plan in place to understand the impact.

Diagnosing the problem: Tech limitations or leadership gaps?

Issues with achieving ROI on AI and automation technology efforts are often confused with the diagnosis of the issue at hand. A lack of tech readiness concerning integrating complex data and scaling automation remains a challenge. More often than not, however, the issue that gets acted upon may be less with the technology itself and more with the way technology efforts are governed and led. This would indicate the obstacles that exist to technology’s successful implementation lie more with the board than the code and cloud setup. Failures happen because business leaders prioritize expediency driven by market hype instead of thinking about genuine business transformation.

It’s also important that prior to AI projects being kicked off, there’s clear business alignment and an understanding of the metrics being measured to calculate ROI. Projects launched as isolated technology experiments without a well-defined business case tied to a strategic priority are hard to measure and often vague in value, leading to projects that are easy to cut.

The leadership inflection point: Beyond cost cutting

The business world sits at a leadership inflection point where for the first time, workforce transformation will be more than just human. With the rapid adoption of AI and autonomous agents, leaders now face complex decisions about how value is derived and maintained within their organizations. This shift requires cutting costs but also reimagining the relationship between human skills and the technical capabilities of AI, which ensures organizational cultures and processes can adapt to this new era of hybrid workforces.

“Everyone’s been racing to build more AI models, compute, and agents, but the real bottleneck to enterprise AI adoption isn’t supply, it’s that enterprises don’t know where or how to use AI to do real work,” says Greg Shewmaker, CEO of enterprise intelligence company r.Potential. “We believe the missing piece is the coordination layer between human and digital work, where you can capture actual workforce demand, generate realistic and deployable configurations of human and AI capabilities, and tie them to real business outcomes. If we don’t get this right, the next wave of automation won’t just reshape companies, it’ll destabilize work itself.” 

His point underscores what many executives miss: AI’s promise isn’t just a technological or operational challenge, it’s an existential leadership one. As the boundaries blur between tasks suited for humans and those automated by machines, IT and business leaders will need to focus on maximizing value creation through deep integration of people, technology, and culture.​

So it becomes critical for the C-suite to reconsider timelines related to investments and expand capacity in accordance with tech and market needs. This shift in human capital management involves being able to forecast the future workforce and deploy human resources in sync with machine-based intelligence. Innovation should take precedence that’s less about adding to current performance and more about ensuring organizations can remain agile and ready to facilitate innovation in terms of related infrastructure and preparedness to reinvent themselves.

Breaking down work and value creation

Understanding the key components of work is essential to developing understandable ROI from AI. Any returns must consider the adoption of technology and the transformation of processes. The goal should be to leverage AI to amplify human effort in areas that require human judgment, empathy, and creativity rather than in areas where there’s only repetition of tasks, thereby assigning human resources to higher-value supervisory and human roles where they can be most productive and valuable.

The key to success is to refocus on enabling talent to drive revenue growth and innovation through AI. So the goal is to apply AI strategically to liberate highly-skilled people from working on the 80% of any job that can, should, and must be automated so they can focus on the last 20%, which drives new revenue growth, customer loyalty, and innovation breakthroughs.

The AI era will reshape every industry, and if CIOs and CEOs aren’t evolving, the AI investment will be wasted. The key to realizing real value in AI is to ensure leadership is future-ready and embraces new skills and change. It’s not about being the best coder in the room but instilling the right leadership structure. This involves a leadership mentality that uses AI to further human-centric goals and not simply fill an operational spreadsheet with AI data. This requires strict ethics and governance modeled in every aspect of decision-making, and firm alignment on the business side where every AI project has a defined purpose for the organization.

In a previous feature about enterprise architects, gen AI had emerged, but its impact on enterprise technology hadn’t been felt. Today, gen AI has spawned a plethora of agentic AI solutions from the major SaaS providers, and enterprise architecture and the role of enterprise architect is being redrawn. So what do CIOs and their architects need to know?

Organizations, especially their CEOs, have been vocal of the need for AI to improve productivity and bring back growth, and analysts have backed the trend. Gartner, for example, forecasts that 75% of IT work will be completed by human employees using AI over the next five years, which will demand, it says, a proactive approach to identifying new value-creating IT work, like expanding into new markets, creating additional products and services, or adding features that boost margins.

If this radical change in productivity takes place, organizations will need a new plan for business processes and the tech that operates those processes. Recent history shows if organizations don’t adopt new operating models, the benefits of tech investments can’t be achieved.

As a result of agentic AI, processes will change, as well as the software used by the enterprise, and the development and implementation of the technology. Enterprise architects, therefore, are at the forefront of planning and changing the way software is developed, customized, and implemented.

In some quarters of the tech industry, gen AI is seen as a radical change to enterprise software, and to its large, well-known vendors. “To say AI unleashed will destroy the software industry is absurd, as it would require an AI perfection that even the most optimistic couldn’t agree to,” says Diego Lo Giudice, principal analyst at Forrester. Speaking at the One Conference in the fall, Lo Giudice reminded 4,000 business technology leaders that change is taking place, but it’s built on the foundations of recent successes.

“Agile has given better alignment, and DevOps has torn down the wall between developers and operations,” he said. “They’re all trying to do the same thing, reduce the gap between an idea and implementation.” He’s not denying AI will change the development of enterprise software, but like Agile and DevOps, AI will improve the lifecycle of software development and, therefore, the enterprise architecture. The difference is the speed of change. “In the history of development, there’s never been anything like this,” adds Phil Whittaker, AI staff engineer at content management software provider Umbraco.

Complexity and process change

As the software development and customization cycle changes, and agentic applications become commonplace, enterprise architects will need to plan for increased complexity and new business processes. Existing business processes can’t continue if agentic AI is taking on tasks currently done manually by staff.

Again, Lo Giudice adds some levity to a debate that can often become heated, especially in the wake of major redundancies by AI leaders such as AWS. “The view that everyone will get a bot that helps them do their job is naïve,” he said at the One Conference. “Organizations will need to carry out a thorough analysis of roles and business processes to ensure they spend money and resources on deploying the right agents to the right tasks. Failure to do so will lead to agentic technology being deployed that’s not needed, can’t cope with complex tasks, and increases the cloud costs of the business.

“It’s easy to build an agent that has access to really important information,” says Tiago Azevedo, CIO for AI-powered low-code platform provider OutSystems. “You need segregation of data. When you publish an agent, you need to be able to control it, and there’ll be many agents, so costs will grow.”

The big difference, though, is deterministic and non-deterministic, says Whittaker. So non-deterministic requires guardrails of deterministic agents that produce the same output every time over the more random outcomes of non-deterministic agents. Defining business outcomes by deterministic and non-deterministic is a clear role for enterprise architecture. He adds that this is where AI can help organizations fill in gaps. Whittaker, who’s been an enterprise architect, says it’ll be vital for organizations to experiment with AI to see how it can benefit their architecture and, ultimately, business outcomes.

“The path to greatness lies not in chasing hype or dismissing AI’s potential, but in finding the golden middle ground where value is truly captured,” write Gartner analysts Daryl Plummer and Alicia Mullery. “AI’s promise is undeniable, but realizing its full value is far from guaranteed. Our research reveals the sobering odds that only one in five AI initiatives achieve ROI, and just one in 50 deliver true transformation.” Further research also finds just 32% of employees trust the organization’s leadership to drive transformation. “Agents bring an additional component of complexity to architecture that makes the role so relevant,” Azevedo adds.

In the past, enterprise architects were focused on frameworks. Whittaker points out that new technology models will need to be understood and deployed by architects to manage an enterprise that comprises employees, applications, databases, and agentic AI. He cites MCP as one as it provides a standard way to connect AI models to data sources, and simplifies the current tangle of bespoke integrations and RAG implementations. AI will also help architects with this new complexity. “There are tools for planning, requirements, creating epics, user stories, code generation, documenting code, and translating it,” added Lo Giudice.

New responsibilities

Agentic AI is now a core feature of every major EA tool, says Stéphane Vanrechem, senior analyst at Forrester. “These agents automate data validation, capability mapping, and artifact creation, freeing architects to focus on strategy and transformation.” He cites the technology of Celonis, SAP Signavio, and ServiceNow for their agentic integrations. Whittaker adds that the enterprise architect has become an important human in the loop to protect the organization and be responsible for the decisions and outcomes that agentic AI delivers.

Although some enterprise architects will see this as a collapse of their specialization, Whittaker thinks it broadens the scope of the role and makes them more T-shaped. “I can go deep in different areas,” he says. “Pigeon-holing people is never a great thing to do.”

Traditionally, architecture has suggested that something is planned, built, and then exists. The rise of agentic AI in the enterprise means the role of the enterprise architect is becoming more fluid as they continue to design and oversee construction. But the role will also involve continual monitoring and adjustment to the plan. Some call this orchestration, or perhaps it’s akin to map reading. An enterprise architect may plan a route, but other factors will alter the course. And just like weather or a fallen tree, which can lead to a route deviation, so too will enterprise architects plan and then lead when business conditions change.

Again, this new way of being an enterprise architect will be impacted by technology. Lo Guidice believes there’ll be increased automation, and Azevedo sides with the orchestration view, saying agents are built and a catalogue of them is created across the organization, which is an opportunity for enterprise architects and CIOs to be orchestrators.

Whatever the job title, Whittaker says enterprise architecture is more important than ever. “More people will become enterprise architects as more software is written by AI,” he says. “Then it’s an architectural role to coordinate and conduct the agents in front of you.” He argues that as technologists allow agents and AI to do the development work for them, the responsibility of architecting how agents and processes function broadens and becomes the responsibility of many more technologists.

“AI can create code for you, but it’s your responsibility to make sure it’s secure,” he adds. Rather than developing the code, technology teams will become architecture teams, checking and accepting the technology that AI has developed, and then managing its deployment into the business processes.

With shadow AI already embedded in organizations, Whittaker’s view shows the need for a team of enterprise architects that can help business align with the AI agents they’ve deployed, and at the same time protect customer data and cybersecurity posture.

AI agents are redrawing the enterprise, and at the same time replanning the role of enterprise architects.

Solo il 36% dei CIO è convinto che la sua azienda investa adeguatamente nella modernizzazione dell’infrastruttura IT e il 41% afferma che gli investimenti non bastano, secondo il report globale “Crucial Conversations: How to Achieve CIO-CEO Alignment in the Era of AI [in inglese]” di Netskope. Ma qual è la strategia migliore per convincere il board, o la proprietà, a spendere?

È la domanda a cui i direttori dell’IT cercano risposta ogni giorno, consapevoli che le risorse – finanziarie e umane – non sono mai sufficienti e che la pressione dei vertici è sempre verso il taglio dei costi. In questo contesto, l’investimento va giustificato come beneficio di business, anziché pura spesa tecnologica. Anzi, con tecnologie come l’AI i vantaggi non si quantificano nemmeno più solo con aumenti di fatturato e utili: per esempio, automatizzare un’attività per liberare una persona da compiti manuali significa che quella persona potrà lavorare sui progetti di innovazione. Ma quantificare questo risultato non è banale. Se poi si vuole dimostrare che l’AI, riducendo i task ripetitivi, permette di avere dipendenti più gratificati, le difficoltà aumentano: il Chief Information Officer dovrà trovare KPI capaci di dimostrare, per esempio, la diminuzione del turnover o la maggiore soddisfazione delle persone che diventano advocate all’esterno per la propria azienda, agevolando le sue attività di attrazione dei talenti. La bravura del CIO sta tutta nel mettere un numero a benefici poco “numerici” e illustrarlo in modo credibile al board.

Secondo la stessa indagine di Netskope, i CEO non vogliono CIO impazienti di adottare nuove tecnologie senza valutarne appieno i costi. In particolare per l’AI, gli amministratori delegati desiderano senz’altro implementarla per generare un valore commerciale misurabile, ma sono determinati a evitare spese eccessive e rischi. L’Italia non è tra i mercati studiati da questo report, ma i Chief Information Officer italiani si ritroveranno sicuramente in linea con quanto ne emerge: per i CEO, l’IT resta, almeno in parte, un costo. E CIO e CEO continuano, in molti casi, a non capirsi, perché non parlano la stessa lingua. Infatti, il 26% dei CIO globali afferma che è difficile avere il consenso del CEO su strategie di modernizzazione e trasformazione.

I leader italiani dell’IT hanno le loro strategie vincenti: ecco come ottengono il sì dei loro CEO sugli investimenti in digitalizzazione.

Prima strategia: la praticità

“Io uso esempi concreti e dati”, dichiara Francesco Taurino, fondatore e CIO/CTO di Data Felix (costruttore e gestore di servizi data center in Sud Italia) ed ex CIO di aziende dei servizi e della produzione. “Pensiamo agli investimenti in cybersicurezza o ridondanza. Molte aziende, anche grandi, vedono unicamente i costi, ma non pensano alla potenziale perdita legata al fermo di server e sistemi – e non solo in caso di attacchi informatici. In questi casi, basta mettere sul tavolo dell’AD un semplice calcolo: i soldi che si perdono se l’infrastruttura IT si ferma anche solo per un giorno”.

Taurino stima che, se un’azienda fattura 20 milioni l’anno, lo stop dei sistemi “brucia” 80-100 mila euro al giorno. A ciò si aggiungono eventuali multe per la non conformità, il danno reputazionale e così via. “Questo genere di discorso è molto efficace nel far comprende ai CEO l’importanza degli investimenti in backup, disaster recovery e misure di cyber sicurezza”, sottolinea Taurino.

Conferma Alberto Dalla Francesca, CIO di Omis Group (manifattura di macchinari industriali): per risolvere la difficoltà di coinvolgere il business nei progetti digitali la soluzione è “convertire i dati tecnici in euro”.

“Finché disegni un processo, l’attenzione del business è relativa, ma quando presenti dei numeri che corrispondono a dei vantaggi economici, al risparmio di tempo e così via, l’engagement arriva subito”, sottolinea Dalla Francesca.

Per esempio, per coinvolgere i vertici sulle ragioni del nuovo ERP (il più grande cambiamento tecnologico e organizzativo della storia di Omis), il CIO ha spiegato che la piattaforma avrebbe permesso di diventare “tempestivi e precisi nell’ottenere un dato” e che non avrebbero più dovuto aspettare giorni o dedicare diverse persone a questo compito.

“Si tratta di un messaggio chiaro che il business comprende, perché significa un valore in denaro e in persone che, anziché svolgere compiti manuali, si dedicano a progetti”, evidenzia il manager.

Seconda strategia: il linguaggio del business

Insomma, occorre parlare col linguaggio del CEO e del Finance ed è esattamente questa la strategia di Roberto Zanna, ex CIO di aziende italiane di diverse industry (dalla manifattura alla moda alla GDO) e oggi Fractional Manager. Il CIO deve esprimersi in modo semplice e preciso. 

Una ricetta confermata fondamentalmente da tutti i capi dell’IT in Italia: è molto importante non usare il linguaggio tecnico con il board, ma parlare attivamente il linguaggio del business. Gli investimenti derivano dalla capacità di usare quel linguaggio.

“Tutto quello che fa l’IT deve puntare al business, ovvero, nel nostro caso, vendere un conto corrente”, ci ha detto una CIO del banking. “Tutto quello che non serve al business, ma semplicemente soddisfa l’ego del CIO non devo nemmeno andarlo a presentare al board. Gli investimenti arrivano se sono abilitatori dell’attività bancaria”.

È una regola che può valere per tanti altri settori: “L’IT non esiste se non come supporto del business”, precisa la stessa CIO. “Tutto quello che l’IT fa in un’azienda, anche comprare un server o la fibra ottica, deve servire a generare valore, se no il CEO non lo accetterà mai”.

“Bisogna proporre use case legati al valore di business, per esempio la riduzione dei costi o il miglioramento del servizio clienti”, conferma Massimiliano Claps, Research Director, IDC Insights. “E il tutto va corroborato da metriche che interessano al business”.

Terza strategia: i KPI

Metriche è la terza parola chiave in questa carrellata di strategie con cui il CIO dimostra il valore degli investimenti IT. Questo vuol dire, innanzitutto, correlare l’investimento ai vantaggi concreti – diretti e indiretti – per l’organizzazione, come lo snellimento dei processi, l’aumento delle vendite, la maggiore sostenibilità, la riduzione dei processi manuali. Questi vantaggi vanno prospettati in modo realistico e supportati con i KPI.

“Sono particolarmente importanti i KPI legati alla sicurezza”, evidenzia Zanna: “misurazione esatta degli incidenti, tempi di risposta e risoluzione, segnalazione dei breach, remediation fatte e in quali tempi, e così via”.

Questi indicatori danno all’AD il senso della concretezza della minaccia e, quindi, della crucialità della spesa in cybersicurezza.

I CEO sono molto sensibili anche ai KPI legati a flussi e processi: si misura il tempo risparmiato nelle operazioni modernizzate rispetto alle vecchie operazioni, come inviare fatture ai clienti all’estero in modo automatico rispetto alle email con pdf o adottare un portale fornitori in cui interagire con workflow rispetto a scambi di mail o documenti.

“Ovviamente queste sono delle previsioni che il Chief Information Officer può presentare al Chief Executive Officer, ma quando l’azienda è padronale-familiare non è facile convincere l’imprenditore a investire”, ammette Zanna. “C’è tanta resistenza, si tende a obiettare che si è sempre fatto in un certo modo e non si vede il motivo di cambiare”.

Zanna osserva che i CEO delle aziende più strutturate sono più propensi ad ascoltare le indicazioni del CIO, ma – in ogni caso – esigono dati concreti e si aspettano poi di vedere risultati in linea con le previsioni. Il CIO, dunque, dovrà essere molto accurato nei suoi dati e nella presentazione dei KPI a supporto.

“I KPI sono parte della più ampia di governance dei sistemi informativi, che è la spina dorsale dell’IT”, indica Debora Guma, Global CIO di De’ Longhi Group (gruppo internazionale dei piccoli elettrodomestici attivo con i marchi De’Longhi, Kenwood, Braun, Nutribullet e Ariete). Gli indicatori delle prestazioni sono fondamentali, precisa la CIO, “perché i sistemi IT sono la leva della crescita, dell’innovazione e del buon funzionamento dell’azienda e le tecnologie devono servire al business. I KPI misurano quanto ci stiamo riuscendo”. 

Guma e il team IT hanno misurato, per esempio, l’esito dell’adozione dell’AI in azienda, dimostrando l’efficacia dell’investimento. De’ Longhi, infatti, ha fornito a tutti i dipendenti il motore AI di Google (Gemini) e ha rilevato, in un anno, un aumento del 20% della produttività – un dato che l’IT ha estratto dalle costanti rilevazioni (svolte tramite survey) dell’utilizzo effettivo di Gemini. Questi indicatori, sicuramente, aiutano ad allineare le esigenze di budget della manager tech con i requisiti del board per gli investimenti.

Quarta strategia: la roadmap IT allineata al business

Mariangela Colasanti, Head of Innovation Officer, BW Hotels, è una manager che non ha difficoltà a ottenere budget per l’IT: riporta direttamente alla CEO Sara Digiesi, che è la prima a credere negli investimenti in innovazione. Questo non significa che il compito del CIO sia finito: occorrono, di nuovo, i dati.

Infatti, con i colleghi del team Digital di BW Hotels (che include il Director of Dev. & Digital, Stefano Lombardi, e il Director of ICT & Information Security, Guido Brucellaria), Colasanti è chiamata a definire dove investire, con quali tempistiche e con quali motivazioni o risultati attesi.

“Vanno stimati i ritorni e alla CEO va fornita una roadmap IT che vada di pari passo con la strategia dell’azienda”, spiega Colasanti. “Questo si fa conoscendo gli obiettivi aziendali e svolgendo interviste ad albergatori. È una co-creazione della strategia con un mix di dati, visione di medio-lungo periodo e collaborazione e sinergia fra reparti”.

Si ritorna alla capacità del Chief Information Officer di parlare la lingua del business. Come afferma Colasanti: “Il CIO deve conoscere le Operation e non restare chiuso nell’IT”.

Che cosa chiedono i CEO ai CIO

I risultati della ricerca di Netskope confermano le esperienze dei leader IT italiani. I CEO chiedono loro di semplificare il gergo tecnico e spiegare le decisioni sul budget con parole che anche i dirigenti meno esperti possono capire facilmente. I CIO, quando pensano o parlano, devono collegare le scelte di spesa alle priorità aziendali, ai principali quadri decisionali e al valore che sarà creato. Per riuscirci devono avere una profonda consapevolezza della strategia organizzativa più ampia e dei calcoli del ROI.

“Il CIO deve essere abile a consigliare il proprio interlocutore, creando una situazione di fiducia ed empatia”, indica Zanna. “Per esempio, potrebbe dire: So che tu preferisci il Capex, ma io noleggerei, spiegando poi i motivi per andare verso l’Opex (o viceversa)”.

Ci sono altri elementi importanti: la credibilità e autorevolezza del CIO e la sua capacità di assumersi le responsabilità.

“In qualità di CIO dispongo di un buon livello di autonomia negli investimenti”, riferisce Giuliano Rorato, Responsabile Sistemi Informatici di ABACO (servizi per gli Enti Locali). “Ogni investimento è sempre orientato a migliorare, proteggere e ottimizzare l’ecosistema informatico aziendale, nonché ad introdurre o implementare nuove soluzioni capaci di aumentare la produttività interna e generare valore aggiunto per gli Enti clienti. Prima di ogni decisione viene condotta un’attenta analisi, verifica e selezione delle soluzioni disponibili; quando l’investimento risulta giustificato da tali valutazioni, la Direzione ne autorizza l’adozione”.

La leva culturale

La più recente ricerca dell’Osservatorio Innovazione Digitale nelle PMI della School of Management del Politecnico di Milano rivela che, nel nostro Paese, le aree di maggior investimento digitale riguardano ancora troppo i processi di supporto e meno quelli direzionali e di core business. Molte aziende procedono ancora a piccoli passi, adottando strumenti semplici e non sempre integrati tra loro, mentre il potenziale dei dati resta sottovalutato e poco valorizzato. Tutto questo alimenta la visione dell’IT come costo; al contrario, se gli investimenti in digitalizzazione e innovazione sono legati al core business, l’atteggiamento del CEO cambia.

La ricerca evidenzia come gli ostacoli agli investimenti IT non siano solo economici, ma culturali e legati a competenze, visione e change management. Questo rafforza l’idea che un CIO desideroso di convincere il board, o la proprietà, a finanziare l’innovazione non deve semplicemente proporre un progetto tecnico, ma costruire una “cultura digitale”.

As employees experiment with gen AI tools on their own, CIOs are facing a familiar challenge with shadow AI. Although it’s often well-intentioned innovation, it can create serious risks around data privacy, compliance, and security.

According to 1Password’s 2025 annual report, The Access-Trust Gap, shadow AI increases an organization’s risk as 43% of employees use AI apps to do work on personal devices, while 25% use unapproved AI apps at work.

Despite these risks, experts say shadow AI isn’t something to do away with completely. Rather, it’s something to understand, guide, and manage. Here are six strategies that can help CIOs encourage responsible experimentation while keeping sensitive data safe.

1. Establish clear guardrails with room to experiment

Managing shadow AI begins with getting clear on what’s allowed and what isn’t. Danny Fisher, chief technology officer at West Shore Home, recommends that CIOs classify AI tools into three simple categories: approved, restricted, and forbidden.

“Approved tools are vetted and supported,” he says. “Restricted tools can be used in a controlled space with clear limits, like only using dummy data. Forbidden tools, which are typically public or unencrypted AI systems, should be blocked at the network or API level.”

Matching each type of AI use with a safe testing space, such as an internal OpenAI workspace or a secure API proxy, lets teams experiment freely without risking company data, he adds.

Jason Taylor, principal enterprise architect at LeanIX, an SAP company, says clear rules are essential in today’s fast-moving AI world.

“Be clear which tools and platforms are approved and which ones aren’t,” he says. “Also be clear which scenarios and use cases are approved versus not, and how employees are allowed to work with company data and information when using AI like, for example, one-time upload as opposed to cut-and-paste or deeper integration.”

Taylor adds that companies should also create a clear list that explains which types of data are or aren’t safe to use, and in what situations. A modern data loss prevention tool can help by automatically finding and labeling data, and enforcing least-privilege or zero-trust rules on who can access what.

Patty Patria, CIO at Babson College, notes it’s also important for CIOs to establish specific guardrails for no-code/low-code AI tools and vibe-coding platforms.

“These tools empower employees to quickly prototype ideas and experiment with AI-driven solutions, but they also introduce unique risks when connecting to proprietary or sensitive data,” she says.

To deal with this, Patria says companies should set up security layers that let people experiment safely on their own but require extra review and approval whenever someone wants to connect an AI tool to sensitive systems.

“For example, we’ve recently developed clear internal guidance for employees outlining when to involve the security team for application review and when these tools can be used autonomously, ensuring both innovation and data protection are prioritized,” she says. “We also maintain a list of AI tools we support, and which we don’t recommend if they’re too risky.”

2. Maintain continuous visibility and inventory tracking

CIOs can’t manage what they can’t see. Experts say maintaining an accurate, up-to-date inventory of AI tools is one of the most important defenses against shadow AI.

“The most important thing is creating a culture where employees feel comfortable sharing what they use rather than hiding it,” says Fisher. His team combines quarterly surveys with a self-service registry where employees log the AI tools they use. IT then validates those entries through network scans and API monitoring.

Ari Harrison, VP of IT at branding manufacturer Bamko, says his team takes a layered approach to maintaining visibility.

“We maintain a living registry of connected applications by pulling from Google Workspace’s connected-apps view and piping those events into our SIEM [security information and event management system],” he says. “Microsoft 365 offers similar telemetry, and cloud access security broker tools can supplement visibility where needed.”

That layered approach gives Bamko a clear map of which AI tools are touching corporate data, who authorized them, and what permissions they have.

Mani Gill, SVP of product at cloud-based iPaaS Boomi, argues that manual audits are no longer enough.

“Effective inventory management requires moving beyond periodic audits to continuous, automated visibility across the entire data ecosystem,” he says, adding that good governance policies ensure all AI agents, whether approved or built into other tools, send their data in and out through one central platform. This gives organizations instant, real-time visibility into what each agent is doing, how much data it’s using, and whether it’s following the rules.

Tanium chief security advisor Tim Morris agrees that continuous discovery across every device and application is key. “AI tools can pop up overnight,” he says. “If a new AI app or browser plugin appears in your environment, you should know about it immediately.”

3. Strengthen data protection and access controls

When it comes to securing data from shadow AI exposure, experts point to the same foundation: data loss prevention (DLP), encryption, and least privilege.

“Use DLP rules to block uploads of personal information, contracts, or source code to unapproved domains,” Fisher says. He also recommends masking sensitive data before it leaves the organization, and turning on logging and audit trails to track every prompt and response in approved AI tools.

Harrison echoes that approach, noting that Bamko focuses on the security controls that matter most in practice: Outbound DLP and content inspection to prevent sensitive data from leaving; OAuth governance to keep third-party permissions to least privilege; and access limits that restrict uploads of confidential data to only approved AI connectors within its productivity suite.

In addition, the company treats broad permissions, such as read and write access to documents or email, as high-risk and requires explicit approval, while narrow, read-only permissions can move faster, Harrison adds.

“The goal is to allow safe day-to-day creativity while reducing the chance of a single click granting an AI tool more power than intended,” he says.

Taylor adds that security must be consistent across environments. “Encrypt all sensitive data at rest, in use, and in motion, employ least-privilege and zero-trust policies for data access permissions, and ensure DLP systems can scan for, tag, and protect sensitive data.”

He notes that companies should ensure these controls work the same on desktop, mobile, and web, and keep checking and updating them as new situations come up.

4. Clearly define and communicate risk tolerance

Defining risk tolerance is as much about communication as it is about control. Fisher advises CIOs to tie risk tolerance to data classification instead of opinion. His team uses a simple color-coded system: green for low-risk activities, such as marketing content; yellow for internal documents that must use approved tools; and red for customer or financial data that can’t be used with AI systems.

“Risk tolerance should be grounded in business value and regulatory obligation,” says Morris. Like Fisher, Morris recommends classifying AI use into clear categories, what’s permitted, what needs approval, and what’s prohibited, and communicating that framework through leadership briefings, onboarding, and internal portals.

Patria says Babson’s AI Governance Committee plays a key role in this process. “When potential risks emerge, we bring them to the committee for discussion and collaboratively develop mitigation strategies,” she says. “In some cases, we’ve decided to block tools for staff but permit them for classroom use. That balance helps manage risk without stifling innovation.”

5. Foster transparency and a culture of trust

Transparency is the key to managing shadow AI well. Employees need to know what’s being monitored and why.

“Transparency means employees always know what’s allowed, what’s being monitored, and why,” Fisher says. “Publish your governance approach on the company intranet and include real examples of both good and risky AI use. It’s not about catching people. You’re building confidence that utilizing AI is safe and fair.”

Taylor recommends publishing a list of officially sanctioned AI offerings and keeping it updated. “Be clear about the roadmap for delivering capabilities that aren’t yet available,” he says, and provide a process to request exceptions or new tools. That openness shows governance exists to support innovation, not hinder it.

Patria says in addition to technical controls and clear policies, establishing dedicated governance groups, like the AI Governance Committee, can greatly enhance an organization’s ability to manage shadow AI risks.

“When potential risks emerge, such as concerns about tools like DeepSeek and Fireflies.AI, we collaboratively develop mitigation strategies,” she says.

This governance group not only looks at and handles risks, but explains its decisions and the reasons behind them, helping create transparency and shared responsibility, Patria adds.

Morris agrees. “Transparency means there are no surprises. Employees should know which AI tools are approved, how decisions are made, and where to go with questions or new ideas,” he says.

6. Build continuous, role-based AI training

Training is one of the most effective ways to prevent accidental misuse of AI tools. The key is be succinct, relevant, and recurring.

“Keep training short, visual, and role-specific,” says Fisher. “Avoid long slide decks and use stories, quick demos, and clear examples instead.”

Patria says Babson integrates AI risk awareness into annual information security training, and sends periodic newsletters about new tools and emerging risks.

“Routine training sessions are offered to ensure employees understand approved AI tools and emerging risks, while departmental AI champions are encouraged to facilitate dialogue and share practical experiences, highlighting both the benefits and potential pitfalls of AI adoption,” she adds.

Taylor recommends embedding training in-browser, so employees learn best practices directly in the tools they’re using. “Cutting and pasting into a web browser or dragging and dropping a presentation seems innocuous until your sensitive data has left your ecosystem,” he says.

Gill notes that training should connect responsible use with performance outcomes.

“Employees need to understand that compliance and productivity work together,” he says. “Approved tools deliver faster results, better data accuracy, and fewer security incidents compared with shadow AI. Role-based, ongoing training can demonstrate how guardrails and governance protect both data and efficiency, ensuring that AI accelerates workflows rather than creating risk.”

Responsible AI use is good business

Ultimately, managing shadow AI isn’t just about reducing risk, it’s about supporting responsible innovation. CIOs who focus on trust, communication, and transparency can turn a potential problem into a competitive advantage.

“People generally don’t try and buck the system when the system is giving them what they’re looking for, especially when there’s more friction for the user in taking the shadow AI approach,” says Taylor.

Morris concurs. “The goal isn’t to scare people but to make them think before they act,” he says. “If they know the approved path is easy and safe, they’ll take it.”

That’s the future CIOs should work toward: a place where people can innovate safely, feel trusted to experiment, and keep data protected because responsible AI use isn’t just compliance, it’s good business.

La campaña de Navidad ha sido el tradicional motor económico para muchos sectores, que veían cómo se concentraba en ese período el grueso de sus ventas. Ahora, la Navidad sigue siendo altamente relevante, pero el período de ventas arranca antes y se ha hecho más complejo. Si hace un par de décadas nadie celebraba en España (y en Europa en general) el Black Friday, ahora es uno de los momentos candentes del año. Es uno de los grandes días de consumo.

Un estudio de Ipsos para Amazon concluye que el 72% de la población española adelantará sus compras navideñas al Black Friday y otro de la OCU que el 78% de la ciudadanía acabará haciéndose con algún producto. El gasto medio oscila, tomando los baremos que dan las diferentes estimaciones, en una horquilla que va de los 201 a los 230 euros. Se comprará mucho y se someterá a los sistemas a mucho estrés, de ahí que el Black Friday no solo importe a los departamentos de marketing y ventas. También lo hace para el CIO.

Las compañías lo tienen cada vez más en cuenta. “La concienciación ha aumentado mucho”, explica Stefan Kühn, especialista en documentación informática de FNT Software. “Cada año vemos en las noticias interrupciones del servicio muy sonadas y las empresas comprenden el daño financiero y reputacional que estos incidentes pueden causar”, suma. Y, “aunque hay margen de mejora”, las empresas se preparan antes y con más conciencia de lo que se les viene encima. “La resiliencia del Black Friday no se construye en noviembre”, advierte Kühn. Lo ven quienes lo observan desde fuera, como las empresas que les dan servicios, pero también los CIO que lo trabajan desde dentro.

Un trabajo de meses

“Cada preparación de Black Friday subes un peldaño”, sintetiza Kiko León Barroso, CIO de IskayPet. “Casi empiezas a prepararlo al día siguiente de haber terminado el año anterior, cuando haces un análisis posmortem con los aprendizajes”, indica. El trabajo supone meses de ajustes, mejoras y refuerzos. En Amazon, revisan y analizan en verano, intensifican pruebas en otoño y se ponen en máximos las semanas previas, “endurecemos la seguridad, congelamos cambios de alto riesgo e implementamos las mejoras que han superado todos los controles”, apunta Merce Mariño, directora de Tecnología de AWS España.

Los sistemas TI deben afrontar una avalancha. “Black Friday es, junto con Prime Day, uno de los mayores picos del año”, confirma Mariño, que habla de “millones de sesiones, realización de pedidos y publicación de ofertas, además de las operaciones de inventario y logística”.  Es, además, el pistoletazo de salida para unas semanas muy intensas. ¿Se puede esperar un momento de descanso tras el viernes de compra? “En la práctica, no. Las campañas se encadenan y la continuidad operativa es permanente: Black Friday, Cyber Monday y la campaña navideña”, explica Sergio Peinado, CIO-director de Transformación Digital y Tecnología en Ontime. “La mayor transformación no ha sido solo tecnológica, también cultural. El ‘pico’ ya no es una excepción, sino parte del modelo”, suma.

“El ‘pico’ ya no es una excepción, sino parte del modelo”, reconoce el CIO de Ontime, Sergio Peinado

Los grandes retos del Black Friday

Todo esto convierte a la campaña de Black Friday en un momento de elevada exigencia, en la que se juegan demasiadas papeletas para afrontar una sobrecarga técnica.

 “Lo que suele fallar primero no es un servidor o una base de datos específicos. Es la falta de visibilidad sobre cómo está todo conectado”, indica Kühn. Ese el talón de Aquiles de las empresas, ya que lleva a que el personal TI tenga “dificultades para comprender de dónde proviene el cuello de botella, cómo dependen los componentes entre sí o qué efectos secundarios podría tener un cambio rápido”. “Según mi experiencia, el verdadero punto débil no es la tecnología en sí, sino la ausencia de una visión clara y unificada de toda la infraestructura”, señala.

Peinado suma que “lo más difícil no es la tecnología, sino la gestión de la incertidumbre”. “Es una combinación de volumen, incertidumbre y criticidad”, explica.

Por tanto, la estrategia más eficiente pasa por prevenir antes que curar, testear mucho y dejar todo bien atado antes de que llegue el momento de enfrentarse al frenesí de compras. Mariño explica que hacen pruebas de carga y simulaciones de estrés con las que analizan el estado de sus rutas críticas. “Si algo no alcanza el objetivo, se refuerza”, indica. “Además, contamos con planes de ‘degradación elegante’: si un componente ‘no esencial’ sufre, la plataforma prioriza la disponibilidad y el checkout para mantener el flujo de compra”, suma.

Al final, la tecnología debe conseguir obrar casi algo digno de magia, que en el momento en el que los sistemas afrontan una avalancha de consumidores todo funcione sin problemas. “Lo más complejo es lograr que, aun con un tráfico muy superior al habitual, la experiencia ‘se sienta normal’”, señala Mariño. “El objetivo es que, aunque por detrás haya diez veces más actividad, el cliente navegue, añada al carrito y pague con la misma fluidez de un día cualquiera”, añade. Ellos usan una “arquitectura elástica y distribuida”. “Aquí entran en juego el CDN para contenido estático y dinámico (Amazon CloudFront), el balanceo inteligente de carga (Elastic Load Balancing) y el autoescalado en compute (Amazon EC2 Auto Scaling, AWS Fargate sobre ECS o EKS para contenedores)”, indica, reforzando también la respuesta de sus bases de datos para que sobrevivan a los picos.

“La tecnología debe conseguir obrar casi algo digno de magia, que en el momento en el que los sistemas afrontan una avalancha de consumidores todo funcione sin problemas”, Merce Mariño, directora de Tecnología de AWS

La presión se nota en el canal online, pero también en las tiendas físicas. Allí el personal de tienda debe gestionar ese aumento de ventas, pero para ello necesitan que la tecnología les dé respuesta. León Barroso explica que, más allá de lo que el cliente directo ve, está todo lo que cubre lo que no se ve, desde el cloud a los sistemas de envíos de mensajes de marketing pasando por la logística que permitirá sincronizar ventas en los diferentes canales y llevar los productos al comprador final. Predecir a qué se va a enfrentar su almacén ayuda a que luego pueda “funcionar con su productividad habitual”.

“Las herramientas clave no son las más sofisticadas, sino las que dan visibilidad, control y capacidad de reacción: observabilidad avanzada, cloud-native y automatización de extremo a extremo”, resume Peinado.

El papel de la IA  

¿Y qué papel ocupa en todo esto la inteligencia artificial? La IA se ha integrado ya en las campañas de marketing y en el análisis de patrones. Así, por ejemplo, desde The Valley recomiendan sacarle provecho como guía que anticipa comportamientos y herramienta que optimiza campañas, escogiendo los mensajes más relevantes y posicionando mejor a la marca.

Sin embargo, sería un error limitar la IA solo a lo que puede hacer a nivel marketing y comunicación. Desde el área de tecnología también se emplea para predecir demanda de producto, identificar potenciales fallos, personalizar experiencias o reforzar la seguridad.  “La IA está muy presente y actúa en varias capas”, confirma Mariño. Aunque, eso sí, Peinado recuerda que “no hay que olvidar que la IA es tan buena como la calidad del dato”. No todos los sectores tienen los datos óptimos para sacarle todo ese buen partido.

“La resiliencia del Black Friday no se construye en noviembre”, advierte Stefan Kühn

Momento candente de amenazas

Sobrevivir a los picos de consumo es fundamental para llegar con bien al final de la campaña de Black Friday, pero ese no es el único punto caliente en una temporada que está repleta de retos. Uno de ellos es la ciberseguridad. “La seguridad no puede ser una cuestión secundaria”, recuerda Kühn, que habla de que “el Black Friday es un objetivo perfecto para los ciberdelincuentes”.

Las estadísticas lo confirman. Según investigaciones de NordVPN, las tiendas falsas crecieron en un 250% en estos días previos a la campaña y el phishing y otras estafas que llegan a los usuarios finales alcanza cifras “sin precedentes”. Al fin y al cabo, esto no es más que una extensión de la tónica del resto del año. Según Signicat, una de cada cinco altas de clientes es fraudulenta, el 59% de las empresas se ha enfrentado a intentos de fraude de identidad exitosos y el 22% de los ingresos anuales se va ya a prevenirlos. La Navidad y el Black Friday son puntos calientes para el fraude en pagos, por algo tan básico como el propio flujo de compras se dispara.

Pero todo esto es algo que tienen muy presente los CIO, que listan las amenazas a las que se enfrentan estos días. “En campañas así aumentan los intentos de ataques tipo DDoS, scraping automatizado, de inyección y fraude online”, apunta Mariño. Amazon refuerza su estructura con una larga serie de soluciones propias. “Todo esto se acompaña de simulacros operativos y runbooks claros, con equipos de respuesta 24/7, de modo que cualquier incidente se detecte y mitigue en minutos”, indica la experta.

Aun así, y por mucho que este sea un momento caliente, no es único. “Realmente puede pasar en cualquier momento”, recuerda León Barroso, “y tienes que estar siempre prevenido y preparado. Es la prioridad cero”.

“Esos días buscas tener planes B, C y D para casi todo”, reconoce Kiko León Barroso, CIO de IskayPet

Sobrevivir al Black Friday pasa por el día después

Si durante el resto del año los consumidores no suelen tomarse muy bien que sus compras lleguen tarde o que se extravíen, las cosas se vuelven todavía más complejas durante el Black Friday y la campaña de Navidad. Lo que se compra es, por así decirlo, más sensible, ya que se aprovecha para hacerse con regalos o productos necesarios para las fiestas, y la tolerancia a los errores se desploma. Al tiempo, la cantidad de paquetes y gestiones que deben asumir las empresas se dispara. Que todo fluya es fundamental y, ahí también, los CIO tienen un papel crucial.

Se necesita afinar muy bien para que todo funcione. León Barroso señala que hay que adelantarse a los cuellos de botella, para que no se acaben pasando al transportista. Postergarlos al día después aplazaría el problema, que seguiría estando ahí. Se necesita ser capaz de flexibilizar, de buscar soluciones. “Esos días buscas tener planes B, C y D para casi todo”, apunta. Lo que para los compradores resulta simple tiene, en realidad, mucha infraestructura detrás. “Queremos que lo que se ve parezca sencillo, aunque por detrás haya una operación tecnológica y de datos a gran escala”, apunta Mariño. “Todo está orquestado por software y datos: desde que el usuario hace clic y hasta que recibe el paquete”, explica. “La idea es que la tienda no se caiga, las ofertas sean claras y la logística responda a tiempo”, resume.

La prueba de estrés de estas fechas es también un aviso a navegantes. “El día después es un indicador estratégico del nivel de madurez digital”, señala Peinado, uno que cuenta en qué nivel está la transformación digital de la compañía. Si las cosas fallan, está avisando de que se necesita todavía hacer ajustes y mejoras. “El Black Friday no es la excepción, es un recordatorio. Nuestro sistema debe soportar cualquier escenario, no uno puntual. El objetivo real es operar con elasticidad y resiliencia continua los 365 días”, advierte.

---

In a previous article, we focused on the risk of the CIO becoming invisible. Even for tech executives, visibility and influence are difficult to achieve alone. They multiply when supported by allies.

Here, we analyze the difference between having and not having allies, the multiple opportunities that exist if a bottom-up approach is used, and how to avoid invisible errors that can neutralize an alliance.

1. When support is lacking: Cost and risk for the CIO

In 2020, Daimler decided to spin off its famous innovation incubator, Lab1886, where the vehicles and mobility of the future were being developed. There was plenty of talent, but a lack of allies within the company to take ownership of the projects. Without a clear link within the organization, projects weren’t properly transferred and implemented. In the end, the unit became isolated.

The same thing happens to the CIO when their initiatives lack internal support: Talent and effort aren’t enough if no one in the business takes ownership of them. In fact, even CIOs of large companies say they’ve had to defend proposals from scratch, or, from another angle, they’ve received projects from other areas of the business “unfiltered,” that is, without IT having any prior visibility into the problem.

This dynamic creates a perception that the CIO acts as a brake, and it doesn’t help the CIO gain more influence; quite the opposite, in fact. The CIO is pushed to put out fires instead of leading the digital strategy.

CIOs are becoming aware that this spiral is unsustainable. As David Walmsley, CDO/CTO of jewelry giant Pandora, said to Mark Samuels: “As I said from day one of the digital transformation, we are not here to take orders. We are here to provide robust collaboration.”

2. Allies: Strengthening the CIO’s position

CIOs need to break out of the dynamic of justifying initiatives or redirecting other people’s projects. To do this, they cannot resort to authority, but rather to complicity. That is, building allies within the organization.

The great advantage of having allies is that they represent political capital where support is already secured. This accelerates approvals and avoids the cycles of justifying initiatives, with the associated wear and tear

Furthermore, it provides other benefits. For example, friction is reduced because allies act as a buffer by contributing their own legitimacy. Additionally, a network effect is created, where connections within the organization open the door to new conversations where the CIO was not present or to opportunities off their radar. Finally, an ally can become the voice that champions an initiative when the CIO is not present, contributing their own credibility.

In short, allies are an asset for the CIO that strengthens their position, multiplies their influence, and prevents burnout.

3. Building allies from the bottom up: Trust that scales

The value of allies is clear, but how are they acquired? There aren’t always shared interests or things that make the process easier. What there is, however, is an abundance of pain points that business leaders experience, which steal their time and budget. If the CIO is able to be part of the solution, they will create the foundation for an alliance.

It seems logical to start at the top of the hierarchy, but that can be the most difficult path. There are many potential allies with burning issues. For example, the financial controller lives with the pressure of slow closings and inaccurate forecasts. The purchasing manager has to deal with duplicate contracts and error-ridden manual invoicing tasks.

The opportunities are there. What it takes to find them is to look for the signs, the trail these problems leave, from duplicate invoices to spreadsheets circulating unchecked at the end of each month. These are all traces of unchecked processes where IT can quickly achieve improvements.

If the CIO helps these profiles, it leaves an impact that can travel and escalate surprisingly quickly. What begins by resolving a procurement bottleneck ends up being cited in department meetings, reaching, for example, the CFO.

4. How to avoid the invisible mistakes that break an alliance

Finding the opportunity to start a relationship is only the first step. In practice, what’s decisive is how an initiative is managed. This requires paying attention to silent elements that can jeopardize the continuity of the collaboration and send the CIO back to square one.

The first risk arises if the initiative isn’t translated into business language. This topic deserves its own discussion, but it can be summarized as follows: If the potential ally doesn’t fully understand the activity, or can’t explain it to their colleagues in their own language, it won’t take off.

Something similar happens when the CIO arrives with a perfect, ready-made solution. If there’s no room for the other person to co-create and leave their mark on the initiative, they won’t feel ownership and won’t get involved, even if the project benefits them.

A less visible obstacle can also arise: the attention economy. Time is a scarce commodity in all areas. If a project, or the relationship itself, demands a lot of dedication or is very complex, it will be unprofitable for the business and won’t bear fruit.

Added to this is a more political, though equally crucial, risk. It arises when stakeholders who have the power to block IT are overlooked. These could be compliance officers, legal officers, or even committee attendees. When they aren’t identified and their voices aren’t heard, objections appear late, with little room to overcome them.

These risks go unnoticed, and therein lies the danger. What they highlight is that technical perfection is not the most important thing; rather, working together generates trust. The relationship and communication established will serve as a model for the future relationship.

5. Consolidated mission and political capital for the future

For the CIO, having allies means no longer having to undertake the transformation effort alone. Their IT initiatives no longer require constant defense because there is pre-existing support and accumulated political capital.

Furthermore, this support network provides resilience. Their strategy is much more resistant to potential changes in the organizational chart because it is based on shared business priorities.

Ultimately, the CIO gains room to maneuver. Instead of wasting energy putting out fires, they move beyond tactical issues and can concentrate on their mission as the architect of the digital strategy

The author of this article is Alberto Bellé, principal analyst at Foundry.

Earlier this year, MIT made headlines with a report that found 95% of organizations are getting no return from AI — and this despite a groundbreaking $30 billion investment, or more, into US-based internal gen AI initiatives. So why do so many AI initiatives fail to deliver positive ROI? Because they often lack a clear connection to business value, says Neal Ramasamy, global CIO at Cognizant, an IT consulting firm. “This leads to projects that are technically impressive but don’t solve a real need or create a tangible benefit,” he says.

Technologists often follow the hype, diving headfirst into AI tests without considering business results. “Many start with models and pilots rather than business outcomes,” says Saket Srivastava, CIO of Asana, the project management application. “Teams run demos in isolation, without redesigning the underlying workflow or assigning a profit and loss owner.”

A combination of a lack of upfront product thinking, poor underlying data practices, nonexistent governance, and minimal cultural incentives to adopt AI can produce negative results. So to avoid poor outcomes, many of the techniques boil down to better change management. “Without process change, AI speeds today’s inefficiencies,” adds Srivastava.

Here, we review five tips to manage change within an organization that CIOs can put into practice today. By following this checklist, enterprises should start to turn the tide on negative AI ROI, learn from anti-patterns, and discover which sort of metrics validate successful company-wide AI ventures.

1. Align leadership upfront by communicating business goals and stewarding the AI initiative

AI initiatives require executive sponsorship and a clear vision for how they improve the business. “Strong leadership is essential to translate AI investments into results,” says Adam Lopez, president and lead vCIO at managed IT support provider CMIT Solutions. “Executive sponsorship and oversight of AI programs, ideally at the CEO or board level, correlates with higher ROI.”

For example, at IT services and consulting company Xebia, a subgroup of executives steers its internal AI efforts. Chaired by global CIO Smit Shanker, the team includes the global CFO, head of AI and automation, head of IT infrastructure and security, and head of business operations.

Once upper leadership is assembled, accountability becomes critical. “Start by assigning business ownership,” advises Srivastava. “Every AI use case needs an accountable leader with a target tied to objectives and key results.” He recommends standing up a cross-functional PMO to define lighthouse use cases, set success targets, enforce guardrails, and regularly communicate progress.

Still, even with leadership in place, many employees will need hands-on guidance to apply AI in their daily work. “For most individuals, even if you give them the tools in the morning, they don’t know where to start,” says Orla Daly, CIO of Skillsoft, a learning management system. She recommends identifying champions across the organization who can surface meaningful use cases and share practical tips, such as how to get more out of tools like Copilot. Those with a curiosity and a willingness to learn will make the most headway, she says.

Finally, executives must invest in infrastructure, talent, and training. “Leaders must champion a data-driven culture and promote a clear vision for how AI will solve business problems,” says Cognizant’s Ramasamy. This requires close collaboration between business leaders, data scientists, and IT to execute and measure pilot projects before scaling.

2. Evolve by shifting the talent framework and investing in upskilling

Organizations must be open to shift their talent framework and redesign roles. “CIOs should adapt their talent and management strategies to ensure successful AI adoption and ROI for the organization,” says Ramasamy. “This could involve creating new roles and career paths for AI-focused professionals, such as data scientists and prompt engineers, while upskilling existing employees.”

CIOs should also view talent as a cornerstone of any AI strategy, adds CMIT’s Lopez. “By investing in people through training, communication, and new specialist roles, CIOs can be assured that employees will embrace AI tools and drive success.” He adds that internal hackathons and training sessions often yield noticeable boosts in skills and confidence.

Upskilling, for instance, should meet employees where they are, so Asana’s Srivastava recommends tiered paths: all staff need basic prompt literacy and safety training, while power users require deeper workflow design and agent-building knowledge. “We took the approach of surveying the workforce, targeting enablement, and remeasuring to confirm that maturity moved in the right direction,” he says.

But assessing today’s talent framework goes beyond human skillsets. It also means reassessing your work to be done, and who or what performs what tasks. “It’s essential to review business processes for opportunities to refactor them, given the new capabilities that AI brings,” says Scott Wheeler, cloud practice lead at cloud consulting firm Asperitas Consulting.

For Skillsoft’s Daly, today’s AI age necessitates a modern talent management framework that artfully balances the four Bs: build, buy, borrow, and bots. In other words, leaders should view their organization as a collection of skills rather than fixed roles, and apply the right mix of in-house staff, software, partners, or automation as needed. “It’s requiring us to break things down into jobs or tasks to be done, and looking at your work in a more fragmented way,” says Daly.

For instance, her team used GitHub Copilot to quickly code a learning portal for a certain customer. The project highlighted how pairing human developers with AI assistants can dramatically accelerate delivery, raising new questions about what skills other developers need to be equally productive and efficient.

But as AI agents take over more routine work, leaders must dispel fears that AI will replace jobs outright. “Communicating the why behind AI initiatives can alleviate fears and demonstrate how these tools can augment human roles,” says Ramasamy. Srivastava agrees. “The throughline is trust,” he says, “Show people how AI removes toil and increases impact; keep humans in the decision loop and adoption will follow.”

3. Adapt organizational processes to fully capture AI benefits 

Shifting the talent framework is only the beginning. Organizations must also reengineer core processes. “Fully unlocking AI’s value often requires reengineering how the organization works,” says CMIT’s Lopez, who urges embedding AI into day-to-day operations and supporting it with continual experimentation rather than treating it as a static add-on.

To this end, one necessary adaptation is toward treating internal AI-driven workflows like products and codifying patterns across the organization, says Srivastava. “Establish product‑management rigor for intake, prioritization, and roadmapping of AI use cases, with clear owners, problem statements, and value hypotheses,” he says.

At Xebia, a governance board oversees this rigor through a three-stage tollgate process of identifying and assessing value, securing business acceptance, and then handing off to IT for monitoring and support. “A core group is responsible for organizational and functional simplification with each use case,” says Shanker. “That encourages cross-functional processes and helps break down silos.”

Similarly for Ramasamy, the biggest hurdle is organizational resistance. “Many companies underestimate the change management required for successful adoption,” he says. “The most critical shift is moving from siloed decision-making to a data-centric approach. Business processes should integrate AI outputs seamlessly, automating tasks and empowering employees with data-driven insights.”

Identifying the right areas to automate also depends on visibility. “This is where most companies fall down because they don’t have good, documented processes,” says Skillsoft’s Daly. She recommends enlisting subject-matter experts across business lines to examine workflows for optimization. “It’s important to nominate individuals within the business to ask how to drive AI into your flow of work,” she says.

Once you identify units of work common across functions that AI can streamline, the next step is to make them visible and standardize their application. Skillsoft is doing this through an agent registry that documents agentic capabilities, guardrails, and data management processes. “We’re formalizing an enterprise AI framework in which ethics and governance are part of how we manage the portfolio of use cases,” she adds.

Organizations should then anticipate roadblocks and create support structures to help users. “One strategy to achieve this is to have AI SWAT teams whose purpose is to facilitate adoption and remove obstacles,” says Asperitas’ Wheeler.

4. Measure progress to validate your return   

To evaluate ROI, CIOs must establish a pre-AI baseline and set benchmarks upfront. Leaders recommend assigning ownership around metrics such as time to value, cost savings, time savings, work handled by human agents, and new revenue opportunities generated.

“Baseline measurements should be established before initiating AI projects,” says Wheeler, who advises integrating predictive indicators from individual business units into leadership’s regular performance reviews. A common fault, he says, is only measuring technical KPIs like model accuracy, latency, or precision, and failing to link these to business outcomes, such as savings, revenue, or risk reduction.

Therefore, the next step is to define clear, measurable goals that demonstrate tangible value. “Build measurement into projects from day one,” says CMIT’s Lopez. “CIOs should define a set of relevant KPIs for each AI initiative. For example, 20% faster processing time or a 15% boost in customer satisfaction.” Start with small pilots that yield quick, quantifiable results, he adds.

One clear measurement is time savings. For instance, Eamonn O’Neill, CTO at Lemongrass, a software-enabled services provider, shares how he’s witnessed clients documenting SAP development manually, which can be an extremely time-intensive process. “Leveraging generative AI to create this documentation provides a clear reduction in human effort, which can be measured and translated to a dollar ROI quite simply,” he says.

Reduction of human labor per task is another key signal. “If the goal is to reduce the number of support desk calls handled by human agents, leaders should establish a clear metric and track it in real time,” says Ram Palaniappan, CTO at full-stack tech services provider TEKsystems. He adds that new revenue opportunities may also surface through AI adoption.

Some CIOs are monitoring multiple granular KPIs across individual use cases and adjusting strategies based on results. Asana’s Srivastava, for instance, tracks engineering efficiency by monitoring cycle time, throughput, quality, cost per transaction, and risk events. He also measures the percentage of agent-assisted runs, active users, human-in-the-loop acceptance, and exception escalations. Reviewing this data, he says, helps tune prompts and guardrails in real time.

The resounding point is to set metrics early on, and not fall into the anti-patterns of not tracking signals or value gained. “Measurement is often bolted on late, so leaders can’t prove value or decide what to scale,” says Srivastava. “The remedy is to begin with a specific mission metric, baseline it, and embed AI directly in the flow of work so people can focus on higher-value judgment.”

5. Govern your AI culture to avoid breaches and instability

Gen AI tools are now commonplace, yet many employees still lack training to use them safely. For instance, nearly one in five US-based employees has entered login credentials into AI tools, according to a 2025 study from SmallPDF. “Good leadership involves establishing governance and guardrails,” says Lopez. That includes setting policies to prevent sensitive secret sauce data from being fed into tools like ChatGPT.

Heavy AI use also widens the enterprise attack surface. Leadership must now seriously consider things like security vulnerabilities in AI-driven browsers, shadow AI use, and LLM hallucinations. As agentic AI gets more involved in business-critical processes, proper authorization and access controls are essential to prevent exposure of sensitive data or malicious entry into IT systems.

From a software development standpoint, the potential for leaking passwords, keys, and tokens through AI coding agents is very real. Engineers have jumped at MCP servers to empower AI coding agents with access to external data, tools, and APIs, yet research from Wallarm found a 270% rise in MCP-related vulnerabilities from Q2 to Q3 2025, alongside surging API vulnerabilities.

Neglecting agent identity, permissions, and audit trails is a common trap that CIOs often stumble into with enterprise AI, says Srivastava. “Introduce agent identity and access management so agents inherit the same permissions and auditability as humans, including logging and approvals,” he says.

Despite the risks, oversight remains weak. An AuditBoard report found that while 82% of organizations are deploying AI, only 25% have fully implemented governance programs. With data breaches now averaging nearly $4.5 million each, according to IBM, and IDC reporting organizations that build trustworthy AI are 60% more likely to double the ROI of AI projects, the business case for AI governance is crystal clear.

“Pair ambition with strong guardrails: clear data lifecycle and access controls, evaluation and red‑teaming, and human‑in‑the‑loop checkpoints where stakes are high,” says Srivastava. “Bake security, privacy, and data governance into the SDLC so ship and secure move together — no black boxes for data lineage or model behavior.”

It’s not magic

According to BCG, only 22% of companies have advanced their AI beyond the POC stage, and just 4% are creating substantial value. With these sobering statistics in mind, CIOs shouldn’t set unrealistic expectations for getting a return.

Finding ROI from AI will require significant upfront effort, and necessitate fundamental changes to organizational processes. As Mastercard’s CTO for operations George Maddaloni said in a recent interview with Runtime, he thinks gen AI app adoption is largely about change management and adoption.

The pitfalls with AI are nearly endless and it’s common for organizations to chase hype rather than value, launch without a clear data strategy, scale too quickly, and implement security as an afterthought. Many AI programs simply don’t have the executive sponsorship or governance to get where they need to be, either. Alternatively, it’s easy to buy into vendor hype on productivity gains and overspend, or underestimate the difficulty of integrating AI platforms with legacy IT infrastructure.

Looking ahead, to better maximize AI’s business impact, leaders recommend investing in the data infrastructure and platform capabilities needed to scale, and hone on one or two high-impact use cases that can remove human toil and clearly drive revenue or efficiency.

Grounding AI fervor in core tenets and understanding the business strategy you’re aiming for is necessary to inch toward ROI. Because, without sound leadership and clear objectives, AI is only a fascinating technology with a reward that’s just always out of reach.

In today’s rapidly changing digital landscape, CEOs and CIOs are under constant pressure to do more with less, reduce costs, increase agility, and ensure technology investments directly enable business growth. One of the most effective ways to achieve these objectives is by optimizing your third-party IT services portfolio.

An optimized portfolio not only unlocks cost savings but also enhances flexibility, strengthens risk management, and fosters innovation by aligning IT delivery with broader strategic goals. Here are the top 10 benefits to such a strategy:

Cost efficiency

An optimized portfolio can help with cost reduction and better financial management of IT services spend. By outsourcing certain IT functions to specialized vendors, companies can often achieve cost savings compared to in-house solutions. CEOs are always focused on maximizing profits and reducing unnecessary expenses, making cost-efficient IT services a priority.

Optimizing a decentralized portfolio into a centralized model can reduce IT services spend by up to 30% in fees alone. Beyond direct savings, consolidation creates a stronger base of institutional knowledge around systems, culture, and talent, accelerating onboarding and ensuring continuity of delivery.

Concentrating spend among a select set of strategic partners also creates meaningful leverage. Expect sustainable volume discounts, provider-led investments in technology and COEs, andbest-in-class commercial terms. The result is a more cost-effective, stable, and performance-driven services ecosystem.

Focus on core business

Outsourcing non-core IT functions allows the organization to concentrate on primary business activities. This aligns with the strategic goals of the CEO, who wants the company to excel in its main areas of expertise.

Technology is advancing at its most aggressive pace in decades, and staying current requires time and specialized skills. By entrusting day-to-day IT operations to trusted providers, organizations can reallocate internal resources toward higher-value initiatives such as digital transformation, automation, and product innovation. This accelerates adoption of emerging technologies, and allows internal teams to deepen business expertise, strengthen cross-functional collaboration, and focus on driving growth where it matters most.

Scalability and flexibility

A well-structured third-party IT services portfolio can provide flexibility to scale up or down based on business needs. This is particularly valuable for CEOs who need to adapt to changing market conditions and seize growth opportunities.

Securing talent in the market today is challenging and time consuming, so tapping into the talent pools of your strategic IT services partner base allows organizations to leverage their bench strength to fill immediate needs for talent.

Highly optimized IT service provider portfolios benefit from the institutional knowledge partners obtain over multiple engagements to ensure onboarded resources are the right fit for the organization’s culture. Provider partners often tap resources to fill needs that have worked in some capacity for the organization on prior engagements, allowing resources to hit the ground running by having experience in the environment, with people, and processes.

Innovation and expertise

Outsourcing IT services can grant access to specialized expertise and innovative technologies that the organization might not possess in-house. CEOs are often interested in staying ahead of the curve and leveraging the latest advancements to drive competitive advantage. They also increasingly look to IT service provider expertise in IT security solutions, as well as in advancements and innovation by leveraging AI.

IT service providers continuously invest in advanced tech and talent development, enabling clients to benefit from cutting-edge innovations without bearing the full cost of adoption. As AI, automation, and cybersecurity evolve, providers offer the subject matter expertise and tools organizations need to stay ahead of disruption.

By tapping into this ecosystem, businesses can improve stability, enhance operational efficiency, and accelerate transformation, positioning IT as a true driver of competitive differentiation.

Risk management

CIOs and CEOs share a concern for managing and mitigating risks. By partnering with reliable and experienced third-party IT service providers, organizations can offload some risks associated with technology management, cybersecurity, compliance, and regulatory issues.

The largest risks reside within the security of an organization’s data, its platforms, and applications. Providers like Accenture, Wipro, and TCS have built strong security services platforms that allow organizations to leverage the depth and breadth of partner resources to keep up with technology advances.

Focus on strategy

With operational stability ensured through a balance of internal talent and trusted third parties, CIOs can dedicate more focus to long-term strategic initiatives that fuel growth and innovation. As technology evolves, shifts in spend across your provider landscape can reveal new leverage opportunities, whether through volume consolidation, strategic renewals, or rebalanced sourcing models.

A well-optimized portfolio gives CIOs the visibility and flexibility to adjust quickly, align investments with business priorities, and continually extract greater value from every provider relationship.

Agility and time to market

Third-party IT services can accelerate project timelines and improve time to market for new products or services. This aligns with CEO desires to be agile and responsive to market demands. 

An optimized IT services portfolio enables organizations to tap into providers with proven delivery methodologies, agile frameworks, and global delivery centers that operate around the clock. This delivery model shortens development cycles, enhances responsiveness, and ensures critical initiatives move from concept to deployment faster. When providers are strategically aligned to your business priorities, they proactively identify opportunities to streamline workflows and eliminate bottlenecks, turning IT into an enabler of innovation rather than a constraint on progress.

Resource allocation

CEOs and CIOs can allocate internal resources more effectively by leveraging external expertise. This can lead to better resource allocation, improved efficiency, and enhanced overall performance.

Optimized portfolios ensure that resources, both internal and external, are strategically aligned with enterprise goals. By clearly defining roles and responsibilities across your IT ecosystem, internal teams can focus on initiatives that differentiate the business while third-party providers manage standardized or commodity functions. This balance creates organizational clarity, eliminates duplication of effort, and enhances operational efficiency.

Over time, this structure supports workforce planning and succession development, allowing organizations to invest in the right internal skillsets for long-term strategic growth.

Competitive edge

A well-managed third-party IT services portfolio can provide an edge by allowing organizations to leverage external partner expertise and resources to outpace competitors. Organizations that view their IT service providers not merely as vendors, but as strategic extensions of their teams usually have an upper hand.

Through continuous engagement, co-innovation, and shared investment models, organizations can pilot emerging technologies faster than peers and bring differentiated offerings to market. Providers with deep domain expertise often introduce industry best practices and benchmark insights that inform strategic decision-making. When these partnerships are managed proactively and built on mutual value, the result is a sustained competitive advantage rooted in speed, innovation, and operational excellence.

Business continuity

Outsourcing certain IT functions can contribute to business continuity planning by having redundancy and backup systems in place through third-party providers. Optimized third-party portfolios enhance resilience by ensuring redundancy across critical infrastructure, applications, and operations.

Leading IT service providers invest heavily in high-availability architectures, disaster recovery capabilities, and geographically diverse data centers, all of which strengthen your organization’s continuity posture. A diversified yet coordinated provider ecosystem ensures rapid recovery in the event of outages, cyber incidents, or natural disasters.

Overall, an optimized third-party IT services portfolio can contribute significantly to achieving the strategic objectives of CEOs and CIOs, including cost savings, efficiency improvements, innovation, risk management, and competitive advantage. However, it’s important to carefully select and manage third-party vendors to ensure they align with the organization’s goals. Otherwise, significant value and cost savings could be left on the table.

In 2016, 7-Eleven began a digital transformation aimed at redefining convenience. The starting point was loyalty. “Step one was to build a product discipline, bring the technology in house, and reduce reliance on third parties,” says Scott Albert, VP and head of store and enterprise products.

Two years later, the Texas-based retailer reapplied the product playbook, now powering store systems across more than 13,000 US and Canadian locations. “We moved from projects — start date, end date — to product: continuous improvement and iteration,” Albert says. “From outputs to outcomes, co-owned with design and engineering.”

Albert knows the terrain. A company veteran who cut his teeth in operations, he led product for loyalty and now oversees digital product for store systems, fuel, restaurant concepts, and merchandising, evidence of how far the model has scaled.

Setting the foundation

The idea was straightforward but the shift wasn’t. “It was tough early on because it meant change,” Albert says. “The business was used to saying, ‘I need X.’ Often that wasn’t the real problem. Our job was to get underneath, understand the problem, design a solution for now and the future, and then iterate.”

It takes several ingredients to solve big problems, like customer research, business process knowledge, data, and technology, so it’s natural that product teams are cross-functional. But that structure can also create competing priorities if not managed correctly. While the setting is convenience retail, the lesson applies to any CIO shifting from project-based delivery to product-driven transformation. “Success depends not on org charts, but on cross-functional trust, buy-in, and commitment,” he says.

That structure set the foundation, and the real breakthroughs came from applying product thinking to their daily work.

Product thinking in action

“For me and my team, the customer is the store associate,” Albert says. That focus shaped priorities to remove low-value tasks, surface just-in-time insights, and let systems work for people, not the other way around.

The team learned this firsthand on midnight store walks. In one New York City visit, they noticed a new associate glued to her phone. “We thought she was distracted,” Albert says. “Turns out she’d recorded her trainer so she could remember.” That single observation sparked a redesign of training to move job aids and how-to videos from a back-room PCs to mobile devices on the floor, embedded in the flow of work.

The same product instinct of watching users, identifying friction, and iterating has carried into 7-Eleven’s AI initiatives. AI-assisted ordering, for example, reduced what was once up to 30 hours a week of manual work to under an hour a day, freeing up associates to focus on customers. At scale, those savings add up to more than 13 million hours reclaimed annually, and test-and-learn pilots tying the changes to about $340 million in incremental sales.

The back office has been transformed as well. After migrating store systems to the cloud with its 7-BOSS platform, 7-Eleven layered in “quick cards” that surface AI-generated insights and let associates act in three clicks or less. A clustering model identifies lookalike stores by sales mix, location type, even seasonality, and pushes tailored assortment recommendations. “With three clicks, you can add an item, forecasting kicks in, and delivery happens in days,” Albert says.

Together, these stories trace a clear pattern of observing the customer (in this case the store personnel), solving for their pain points, then amplifying the solution with data and AI. It’s product thinking at work.

Operating like a product company

Behind the scenes, the mechanics mirror digital natives. Teams run in pods with product, engineering, and design as a three-legged stool. Quarterly planning sets direction, but roadmaps flex. “Tell me everything you’ll do next year — that was the old model,” Albert says. “Now we focus on quarters, but sometimes that’s too long. We plan, then adapt.”

Release cadence has accelerated as well, from two or three big bangs a year to monthly releases.

The cultural shift is ongoing funding for work that never ends. “There’s no such thing as done in product,” he says. “We’re on the fifth iteration of our forecasting model. We’ll keep improving.”

Start small, measure hard

Albert’s advice to other tech executives: start small. “Find a problem that matters, build a cross-functional team, measure success, and validate results,” he says. “Then add a second team, a third, and you’re off.”

And above all, measure. “Pick metrics backed by data so no one can debate the results,” he adds.

Nearly 10 years after its first loyalty decision, 7-Eleven’s product mindset now extends far beyond consumer apps. The store itself has become a living product, updated monthly, informed by data, and built around the associate.

For Albert, the real measure of success is to make the system work for the associate, so they can delight customers. “It’s the same product discipline, now applied to every corner of the store, and it’s redefining what convenience looks like at scale,” he says.