This was the year of AI agents. Chatbots that simply answered questions are now evolving into autonomous agents that can carry out tasks on a user’s behalf, so enterprises continue to invest in agentic platforms as transformation evolves. Software vendors are investing in it as fast as they can, too.

According to a National Research Group survey of more than 3,000 senior leaders, more than half of executives say their organization is already using AI agents. Of the companies that spend no less than half their AI budget on AI agents, 88% say they’re already seeing ROI on at least one use case, with top areas being customer service and experience, marketing, cybersecurity, and software development.

On the software provider side, Gartner predicts 40% of enterprise software applications in 2026 will include agentic AI, up from less than 5% today. And agentic AI could drive approximately 30% of enterprise application software revenue by 2035, surpassing $450 billion, up from 2% in 2025. In fact, business users might not have to interact directly with the business applications at all since AI agent ecosystems will carry out user instructions across multiple applications and business functions. At that point, a third of user experiences will shift from native applications to agentic front ends, Gartner predicts.

It’s already starting. Most enterprise applications will have embedded assistants, a precursor to agentic AI, by the end of this year, adds Gartner.

IDC has similar predictions. By 2028, 45% of IT product and service interactions will use agents as the primary interface, the firm says. That’ll change not just how companies work, but how CIOs work as well.

Agents as employees

At financial services provider OneDigital, chief product officer Vinay Gidwaney is already working with AI agents, almost as if they were people.

“We decided to call them AI coworkers, and we set up an AI staffing team co-owned between my technology team and our chief people officer and her HR team,” he says. “That team is responsible for hiring AI coworkers and bringing them into the organization.” You heard that right: “hiring.”

The first step is to sit down with the business leader and write a job description, which is fed to the AI agent, and then it becomes known as an intern.

“We have a lot of interns we’re testing at the company,” says Gidwaney. “If they pass, they get promoted to apprentices and we give them our best practices, guardrails, a personality, and human supervisors responsible for training them, auditing what they do, and writing improvement plans.”

The next promotion is to a full-time coworker, and it becomes available to be used by anyone at the company.

“Anyone at our company can go on the corporate intranet, read the skill sets, and get ice breakers if they don’t know how to start,” he says. “You can pick a coworker off the shelf and start chatting with them.”

For example, there’s Ben, a benefits expert who’s trained on everything having to do with employee benefits.

“We have our employee benefits consultants sitting with clients every day,” Gidwaney says. “Ben will take all the information and help the consultants strategize how to lower costs, and how to negotiate with carriers. He’s the consultants’ thought partner.”

There are similar AI coworkers working on retirement planning, and on property and casualty as well. These were built in-house because they’re core to the company’s business. But there are also external AI agents who can provide additional functionality in specialized yet less core areas, like legal or marketing content creation. In software development, OneDigital uses third-party AI agents as coding assistants.

When choosing whether to sign up for these agents, Gidwaney says he doesn’t think of it the way he thinks about licensing software, but more to hiring a human consultant or contractor. For example, will the agent be a good cultural fit?

But in some cases, it’s worse than hiring humans since a bad human hire who turns out to be toxic will only interact with a small number of other employees. But an AI agent might interact with thousands of them.

“You have to apply the same level of scrutiny as how you hire real humans,” he says.

A vendor who looks like a technology company might also, in effect, be a staffing firm. “They look and feel like humans, and you have to treat them like that,” he adds.

Another way that AI agents are similar to human consultants is when they leave the company, they take their expertise with them, including what they gained along the way. Data can be downloaded, Gidwaney says, but not necessarily the fine-tuning or other improvements the agent received. Realistically, there might not be any practical way to extract that from a third-party agent, and that could lead to AI vendor lock-in.

Edward Tull, VP of technology and operations at JBGoodwin Realtors, says he, too, sees AI agents as something akin to people. “I see it more as a teammate,” he says. “As we implement more across departments, I can see these teammates talking to each other. It becomes almost like a person.”

Today, JBGoodwin uses two main platforms for its AI agents. Zapier lets the company build its own and HubSpot has its own AaaS, and they’re already pre-built. “There are lead enrichment agents and workflow agents,” says Tull.

And the company is open to using more. “In accounting, if someone builds an agent to work with this particular type of accounting software, we might hire that agent,” he says. “Or a marketing coordinator that we could hire that’s built and ready to go and connected to systems we already use.”

With agents, his job is becoming less about technology and more about management, he adds. “It’s less day-to-day building and more governance, and trying to position the company to be competitive in the world of AI,” he says.

He’s not the only one thinking of AI agents as more akin to human workers than to software.

“With agents, because the technology is evolving so far, it’s almost like you’re hiring employees,” says Sheldon Monteiro, chief product officer at Publicis Sapient. “You have to determine whom to hire, how to train them, make sure all the business units are getting value out of them, and figure when to fire them. It’s a continuous process, and this is very different from the past, where I make a commitment to a platform and stick with it because the solution works for the business.”

This changes how the technology solutions are managed, he adds. What companies will need now is a CHRO, but for agentic employees.

Managing outcomes, not persons

Vituity is one of the largest national, privately-held medical groups, with 600 hospitals, 13,800 employees, and nearly 14 million patients. The company is building its own AI agents, but is also using off-the-shelf ones, as AaaS. And AI agents aren’t people, says CIO Amith Nair. “The agent has no feelings,” he says. “AGI isn’t here yet.”

Instead, it all comes down to outcomes, he says. “If you define an outcome for a task, that’s the outcome you’re holding that agent to.” And that part isn’t different to holding employees accountable to an outcome. “But you don’t need to manage the agent,” he adds. “They’re not people.”

Instead, the agent is orchestrated and you can plug and play them. “It needs to understand our business model and our business context, so you ground the agent to get the job done,” he says.

For mission-critical functions, especially ones related to sensitive healthcare data, Vituity is building its own agents inside a HIPAA-certified LLM environment using the Workato agent development platform and the Microsoft agentic platform.

For other functions, especially ones having to do with public data, Vituity uses off-the-shelf agents, such as ones from Salesforce and Snowflake. The company is also using Claude with GitHub Copilot for coding. Nair can already see that agentic systems will change the way enterprise software works.

“Most of the enterprise applications should get up to speed with MCP, the integration layer for standardization,” he says. “If they don’t get to it, it’s going to become a challenge for them to keep selling their product.”

A company needs to be able to access its own data via an MCP connector, he says. “AI needs data, and if they don’t give you an MCP, you just start moving it all to a data warehouse,” he adds.

Sharp learning curve

In addition to providing a way to store and organize your data, enterprise software vendors also offer logic and functionality, and AI will soon be able to handle that as well.

“All you need is a good workflow engine where you can develop new business processes on the fly, so it can orchestrate with other agents,” Nair says. “I don’t think we’re too far away, but we’re not there yet. Until then, SaaS vendors are still relevant. The question is, can they charge that much money anymore.”

The costs of SaaS will eventually have to come down to the cost of inference, storage, and other infrastructure, but they can’t survive the way they’re charging now he says. So SaaS vendors are building agents to augment or replace their current interfaces. But that approach itself has its limits. Say, for example, instead of using Salesforce’s agent, a company can use its own agents to interact with the Salesforce environment.

“It’s already happening,” Nair adds. “My SOC agent is pulling in all the log files from Salesforce. They’re not providing me anything other than the security layer they need to protect the data that exists there.”

AI agents are set to change the dynamic between enterprises and software vendors in other ways, too. One major difference between software and agents is software is well-defined, operates in a particular way, and changes slowly, says Jinsook Han, chief of strategy, corporate development, and global agentic AI at Genpact.

“But we expect when the agent comes in, it’s going to get smarter every day,” she says. “The world will change dramatically because agents are continuously changing. And the expectations from the enterprises are also being reshaped.”

Another difference is agents can more easily work with data and systems where they are. Take for example a sales agent meeting with customers, says Anand Rao, AI professor at Carnegie Mellon University. Each salesperson has a calendar where all their meetings are scheduled, and they have emails, messages, and meeting recordings. An agent can simply access those emails when needed.

“Why put them all into Salesforce?” Rao asks. “If the idea is to do and monitor the sale, it doesn’t have to go into Salesforce, and the agents can go grab it.”

When Rao was a consultant having a conversation with a client, he’d log it into Salesforce with a note, for instance, saying the client needs a white paper from the partner in charge of quantum.

With an agent taking notes during the meeting, it can immediately identify the action items and follow up to get the white paper.

“Right now we’re blindly automating the existing workflow,” Rao says. “But why do we need to do that? There’ll be a fundamental shift of how we see value chains and systems. We’ll get rid of all the intermediate steps. That’s the biggest worry for the SAPs, Salesforces, and Workdays of the world.”

Another aspect of the agentic economy is instead of a human employee talking to a vendor’s AI agent, a company agent can handle the conversation on the employee’s behalf. And if a company wants to switch vendors, the experience will be seamless for employees, since they never had to deal directly with the vendor anyway.

“I think that’s something that’ll happen,” says Ricardo Baeza-Yates, co-chair of the  US technology policy committee at the Association for Computing Machinery. “And it makes the market more competitive, and makes integrating things much easier.”

In the short term, however, it might make more sense for companies to use the vendors’ agents instead of creating their own.

“I recommend people don’t overbuild because everything is moving,” says Bret Greenstein, CAIO at West Monroe Partners, a management consulting firm. “If you build a highly complicated system, you’re going to be building yourself some tech debt. If an agent exists in your application and it’s localized to the data in that application, use it.”

But over time, an agent that’s independent of the application can be more effective, he says, and there’s a lot of lock-in that goes into applications. “It’s going to be easier every day to build the agent you want without having to buy a giant license. “The effort to get effective agents is dropping rapidly, and the justification for getting expensive agents from your enterprise software vendors is getting less,” he says.

The future of software

According to IDC, pure seat-based pricing will be obsolete by 2028, forcing 70% of vendors to figure out new business models.

With technology evolving as quickly as it is, JBGoodwin Realtors has already started to change its approach to buying tech, says Tull. It used to prefer long-term contracts, for example but that’s not the case anymore “You save more if you go longer, but I’ll ask for an option to re-sign with a cap,” he says.

That doesn’t mean SaaS will die overnight. Companies have made significant investments in their current technology infrastructure, says Patrycja Sobera, SVP of digital workplace solutions at Unisys.

“They’re not scrapping their strategies around cloud and SaaS,” she says. “They’re not saying, ‘Let’s abandon this and go straight to agentic.’ I’m not seeing that at all.”

Ultimately, people are slow to change, and institutions are even slower. Many organizations are still running legacy systems. For example, the FAA has just come out with a bold plan to update its systems by getting rid of floppy disks and upgrading from Windows 95. They expect this to take four years.

But the center of gravity will move toward agents and, as it does, so will funding, innovation, green-field deployments, and the economics of the software industry.

“There are so many organizations and leaders who need to cross the chasm,” says Sobera. “You’re going to have organizations at different levels of maturity, and some will be stuck in SaaS mentality, but feeling more in control while some of our progressive clients will embrace the move. We’re also seeing those clients outperform their peers in revenue, innovation, and satisfaction.”

Tech talent, especially with advanced and specialized skills, remains elusive. Findings from a recent IT global HR trends report by Gi Group show a 47% enterprise average struggles with sourcing and retaining talent. As a consequence, turnover remains high.

Another international study by Cegos highlights that 53% of 200 directors or managers of information systems in Italy alone say the difficulty of attracting and retaining IT talent is something they face daily. Cybersecurity is the most relevant IT problem but a majority, albeit slight, feels confident of tackling it. Conversely, however, only 8% think they’ll be able to solve the IT talent problem. IT team skills development and talent retention are the next biggest issues facing CIOs in Italy, and only 24% and 9%, respectively, think they can successfully address it.

“Talents aren’t rare,” says Cecilia Colasanti, CIO of Istat, the National Institute of Statistics. “They’re there but they’re not valued. That’s why, more often, they prefer to go abroad. For me, talent is the right person in the right place. Managers, including CIOs, must have the ability to recognize talents, make them understand they’ve been identified, and enhance them with the right opportunities.”

The CIO as protagonist of talent management

Colasanti has very clear ideas on how to manage her talents to create a cohesive and motivated group. “The goal I set myself as CIO was to release increasingly high-quality products for statistical users, both internal and external,” she says. “I want to be concrete and close the projects we’ve opened, to ensure the institution continues to improve with the contribution of IT, which is a driver of statistical production. I have the task of improving the IT function, the quality of the products released, the relevance of the management, and the well-being of people.”

Istat’s IT department currently has 195 people, and represents about 10% of the institute’s entire staff. Colasanti’s first step after her CIO appointment in October 2023 was to personally meet with all the resources assigned to management for an interview.

“I’ve been working at Istat since 2001 and almost everyone knows each other,” she says. “I’ve held various roles in the IT department, and in my latest role as CIO, I want to listen to everyone to gather every possible viewpoint. Because how well we know each other, I feel my colleagues have a high expectation of our work together. That’s why I try to establish a frank dialogue and avoid ambiguity. But I make it clear that listening doesn’t mean delegating responsibility. I accept some proposals, reject others, and try to justify choices.”

Another move was to reinstate the two problems, two solutions initiative launched in Istat many years ago. Colasanti asked staff, on a voluntary basis, to identify two problems and propose two solutions. She then processed the material and shared the results in face-to-face meetings, commenting on the proposals, and evaluating those to be followed up.

“I’ve been very vocal about this initiative,” she says, “But I also believe it’s been an effective way to cement the relationship of trust with my colleagues.”

Some of the inquiries related to career opportunities and technical issues, but the most frequent pain points that emerged were internal communication and staff shortages. Colasanti spoke with everyone, clarifying which points she could or couldn’t act on. Career paths and hiring in the public sector, for example, follow precise procedures where little could be influenced.

“I tried to address all the issues from a proactive perspective,” she says. “Where I perceived a generic resistance to change rather than a specific problem, I tried to focus on intrinsic motivation and people’s commitment. It’s important to explain the strategies of the institution and the role of each person to achieve objectives. After all, people need and have the right to know the context in which they operate, and be aware of how their work affects the bigger picture.”

Engagement must be built day by day, so Colasanti regularly meets with staff including heads of department and service managers.

Small enterprise, big concerns

The case of Istat stands out for the size of its IT department, but in SMEs, IT functions can be just a handful of people, including the CIO, and much of the work is done by external consultants and suppliers. It’s a structure that has to be worked with, dividing themselves between coordinating various resources across different projects, and the actual IT work. Outsourcing to the cloud is an additional support but CIOs would generally like to have more in-house expertise rather than depend on partners to control supplier products.

“Attracting and retaining talent is a problem, so things are outsourced,” says the CIO of a small healthcare company with an IT team of three. “You offload the responsibility and free up internal resources at the risk of losing know-how in the company. But at the moment, we have no other choice. We can’t offer the salaries of a large private group, and IT talent changes jobs every two years, so keeping people motivated is difficult. We hire a candidate, go through the training, and see them grow only to see them leave. But our sector is highly specialized and the necessary skills are rare.”

The sirens of the market are tempting for those with the skills to command premium positioning, and the private sector is able to attract talent more easily than public due to its hiring flexibility and career paths.

“The public sector offers the opportunity to research, explore and deepen issues that private companies often don’t invest in because they don’t see the profit,” says Colasanti. “The public has the good of the community as its mission and can afford long-term investments.”

Training builds resource retention

To meet demand, CIOs are prioritizing hiring new IT profiles and training their teams, according to the Cegos international barometer. Offering reskilling and upskilling are effective ways to overcome the pitfalls of talent acquisition and retention.

“The market is competitive, so retaining talent requires barriers to exit,” says Emanuela Pignataro, head of business transformation and execution at Cegos Italia. “If an employer creates a stimulating and rewarding environment with sufficient benefits, people are less likely to seek other opportunities or get caught up in the competition. Many feel they’re burdened with too many tasks they can’t cope with on their own, and these are people with the most valuable skills, but who often work without much support. So if the company spends on training or onboarding new people who support these people, they create reassurance, which generates loyalty.”

In fact, Colasanti is a staunch supporter of life-long learning, and the experience that brings balance and management skills. But she doesn’t have a large budget for IT training, yet solutions in response to certain requests are within reach.

“In these cases, I want serious commitment,” she says. “The institution invests and the course must give a result. A higher budget would be useful, of course, especially for an ever-evolving subject like cybersecurity.”

The need for leadership

CIOs also recognize the importance of following people closely, empowering them, and giving them a precise and relevant role that enhances motivation. It’s also essential to collaborate with the HR function to develop tools for welfare and well-being.

According to the Gi Group study, the factors that IT candidates in Italy consider a priority when choosing an employer are, in descending order, salary, a hybrid job offer, work-life balance, the possibility of covering roles that don’t involve high stress levels, and opportunities for career advancement and professional growth.

But there’s another aspect that helps solve the age-old issue of talent management. CIOs need to recognize more of the role of their leadership. At the moment, Italian IT directors place it at the bottom of their key qualities. In the Cegos study, technical expertise, strategic vision, and ability to innovate come first, while leadership came a distant second. But the leadership of the CIO is a founding basis, even when there’s disagreement with choices.

“I believe in physical presence in the workplace,” says Colasanti. “Istat has a long tradition of applying teleworking and implementing smart working, which everyone can access if they wish. Personally, I prefer to be in the office, but I respect the need to reconcile private life and work, and I have no objection to agile working. I’m on site every day, though. My colleagues know I’m here.”

기술 부채가 IT 조직을 마비시킬 위협 요인으로 떠오르자 상당수 CIO가 레거시 소프트웨어와 시스템 유지보수·업그레이드를 위해 서드파티 서비스 업체에 눈을 돌리고 있다. 매니지드 서비스 업체 엔소노(Ensono)가 실시한 설문조사 결과, IT 리더 100명 가운데 95명이 레거시 IT를 현대화하고 기술 부채를 줄이기 위해 외부 서비스 업체를 활용하고 있는 것으로 나타났다.

이 같은 움직임은 부분적으로 레거시 IT 비용 증가에서 비롯됐다. 응답자 가운데 거의 절반은 지난해 노후 IT 시스템 유지보수에 예산보다 더 많은 비용을 지출했다고 답했다. 더 큰 문제는 레거시 애플리케이션과 인프라가 IT 조직의 발목을 잡고 있다는 점이다. IT 리더 10명 가운데 9명은 레거시 유지보수가 AI 현대화 계획에 걸림돌이 되고 있다고 지적했다.

엔소노의 CTO 팀 베어먼은 “레거시 시스템 유지보수가 현대화 노력에 큰 방해가 되고 있다”라며, “전형적인 혁신가의 딜레마다. 혁신보다는 노후 시스템과 그 해결 방안에만 집중하고 있다”라고 지적했다.

일부 CIO는 레거시 시스템 운영을 서비스 업체에 맡기거나 외부 IT팀을 활용해 기술 부채를 정리하고 소프트웨어와 시스템을 현대화하고 있다. 베어먼은 레거시 시스템을 외부에 맡기는 기업이 증가하는 배경으로 고령화된 인력을 꼽았다. 기업 내부의 레거시 시스템 전문가가 은퇴하면서 축적된 지식도 함께 빠져나가고 있다는 의미다.

베어먼은 “이 일을 내부에서 직접 처리할 수 있는 인력이 많지 않다. 조직 내 인력이 고령화되고 퇴직자가 늘어나는 상황에서, 필요한 인재를 채용하기 어려운 영역에서는 외부에서 전문 인력을 찾아야 한다”라고 설명했다. 또, “MSP 모델 자체는 수십 년 전부터 존재했지만, 최근에는 예산을 확보하고 AI를 도입할 시간을 만들기 위해 MSP를 기술 부채 관리 수단으로 활용하는 흐름이 커지고 있다”라고 분석했다.

AI처럼 새로운 기술이 빠르게 확산되는 것도 이런 흐름에 일조하고 있다. 베어먼은 “한쪽에는 관리·유지해야 하는 레거시 문제가 있고, 다른 한쪽에는 수년 동안 경험하지 못한 속도로 발전하는 최신 기술이 있어 양쪽을 동시에 따라가기 어렵다”라고 덧붙였다.

위험의 아웃소싱

사이버 보안 서비스 업체 뉴빅(Neuvik)의 CEO 라이언 레이르빅은 레거시 IT 관리를 서비스 업체에 맡기는 흐름이 확대되고 있다는 점에 동의했다. 레이르빅은 레거시 시스템에 적합한 전문가를 매칭하는 등 여러 장점을 언급하면서도, CIO가 위험 관리를 위해 MSP를 활용하는 경향도 있다고 지적했다.

레이르빅은 “많은 장점 가운데 자주 언급되지 않는 핵심은 취약점 악용이나 서비스 중단 위험을 서비스 업체에 맡길 수 있다는 점”이라며, “취약점 발견과 패치, 전반적인 유지보수에 지속적으로 많은 비용이 드는 환경에서는 잘못 대응했을 때 발생하는 위험을 서비스 업체가 떠안게 되는 경우가 많다”라고 설명했다.

미 국방부(US Department of Defense)에서 비서실장 겸 사이버 부문 부국장을 지낸 레이르빅은 레거시 IT 유지보수 예산을 초과 집행한 IT 책임자가 많다는 것이 놀랄 일은 아니라고 말한다. 많은 조직이 현재 보유한 IT 인프라와 앞으로 전환해야 할 인프라 사이에서 필요한 인재 역량이 맞지 않는 상황에 놓여 있다고 지적하며, 레거시 소프트웨어와 시스템의 지속적인 유지보수 비용이 예상보다 더 많이 드는 경우도 잦다고 말했다.

레이르빅은 “초기 도입 비용이 1이라면, 유지보수 비용은 1X이기 때문에 예상하지 못한 거대한 유지보수 꼬리가 생긴다”라고 덧붙였다.

레거시 유지보수의 덫에서 벗어나려면 적절한 서드파티 업체를 고르는 선견지명과 선택 기준이 필요하다. 레이르빅은 “장기적인 관점에서 해당 업체와 향후 5년 계획이 맞물리는지 반드시 확인해야 한다. 또 조직의 목표와 업체가 제공하려는 지원 방향이 일치하는지도 점검해야 한다”라고 조언했다.

두 번 지불하는 비용

일부 IT 리더가 레거시 시스템 현대화를 서드파티 업체에 맡기고 있지만, IT 서비스 관리 및 고객 서비스 소프트웨어 업체 프레시웍스(Freshworks)가 최근 공개한 보고서는 이런 현대화 노력이 과연 효율적인지에 의문을 제기했다.

프레시웍스의 조사에서 응답자의 3/4 이상은 소프트웨어 도입에 예상보다 더 많은 시간이 걸린다고 답했고, 프로젝트 가운데 2/3은 예산을 초과했다고 응답했다. 프레시웍스의 CIO 아슈윈 발랄은 서드파티 서비스 업체가 이 문제를 해결해 주지 못할 수도 있다고 경고했다.

발랄은 “레거시 시스템이 너무 복잡해지면서 기업이 도움을 구하려고 서드파티 업체와 컨설턴트에 점점 더 의존하고 있지만, 실제로는 수준 이하의 레거시 시스템을 다른 수준 이하 레거시 시스템으로 바꾸는 결과에 그치는 경우가 많다”라며, “서드파티 업체와 컨설턴트를 추가하면 기존 문제를 해결하기보다는 새로운 복잡성만 더해 문제를 악화시키는 사례도 적지 않다”라고 지적했다.

해법은 서드파티 업체를 늘리는 것이 아니라 별도의 복잡한 작업 없이 바로 쓸 수 있는 새로운 기술을 도입하는 데 있다. 발랄은 “이론적으로 서드파티 업체는 전문성과 속도를 제공한다. 하지만 현실에서는 복잡한 기술을 도입하는 데 한 번, 해당 기술이 제대로 작동하도록 컨설턴트를 투입하는 데 또 한 번 등 두 번 비용을 지불하는 경우가 많다”라고 꼬집었다.

피하기 어려운 서드파티 업체 활용

사이버 보안 솔루션 업체 워치가드 테크놀로지스(WatchGuard Technologies)의 필드 CTO 겸 CISO 애덤 윈스턴은 상당수 IT 리더가 일정 수준의 서드파티 지원을 사실상 피할 수 없는 선택으로 보고 있다. 윈스턴은 오래된 코드를 업데이트하거나 워크로드를 클라우드로 이전하고 SaaS 도구를 도입하고, 사이버보안을 강화하는 등 대부분의 과제에서 이제 외부 지원이 필요하다고 말했다.

윈스턴은 노후 원격접속 도구와 VPN을 포함한 레거시 시스템이 쌓이면 기술 부채가 눈덩이처럼 불어나 조직을 짓누를 수 있다고 경고했다. 또, 아직 많은 조직이 클라우드나 SaaS 도구로 완전히 현대화하지 못한 상태이며, 전환 시점이 오면 외부 업체에 도움을 요청할 수밖에 없을 것이라고 내다봤다.

윈스턴은 “대부분 기업은 자체 애플리케이션을 설계·개발·운영하지 않고, 그런 영역에 기술 부채가 쌓여 있는 상황에서 하이브리드 IT 구조를 유지하고 있다”라며, “여전히 코로케이션과 온프레미스 중심이던 시절의 환경을 유지하는 기업도 많고, 이런 환경에는 거의 예외 없이 레거시 서버와 레거시 네트워크, 현대적인 설계나 아키텍처를 따르지 않는 레거시 시스템이 포함돼 있다”라고 설명했다.

이런 기업의 IT 리더는 노후 기술을 단계적으로 퇴역시키는 계획을 세우고, IT 투자가 가능한 한 최신 상태를 유지하도록 솔루션 업체의 책임을 명확히 하는 서비스 계약을 체결해야 한다. 윈스턴은 많은 솔루션 업체가 신제품을 내놓으면서 기존 제품 지원을 너무 쉽게 중단한다고 지적했다.

윈스턴은 “업그레이드를 하지 않을 계획이라면 레거시 지원 비용을 면밀히 따져 보고, 업그레이드할 수 없다면 어떻게 격리할 것인지에 대한 답을 준비해야 한다”라며, “업그레이드가 불가능할 경우 위험을 옮기기 위한 이른바 ‘무덤 격리 전략(graveyard segmentation strategy)’을 어떻게 설계할지도 고민해야 한다”라고 강조했다. 또 “솔루션 업체 실사 과정에서 이런 논의가 빠지는 경우가 많고, 그러다 문제가 터지면 조직이 뒤늦게 놀라게 된다”라고 덧붙였다.

그렇다고 CIO가 레거시 IT 전문성을 쌓는 방향으로 커리어를 설계하는 것은 피해야 한다. 윈스턴은 “소프트웨어나 구축 비용을 충분히 상각하지 못했다면, 앞으로 도입하는 모든 신규 애플리케이션에는 최신 컴포넌트를 사용하겠다고 스스로 다짐해야 한다”라고 강조했다.
dl-ciokorea@foundryco.com

In my experience leading ERP modernization projects and collaborating with IT and business executives, I’ve learned that technology alone rarely determines success, but mindset and architecture do. Gartner reports, “By 2027, more than 70% of recently implemented ERP initiatives will fail to fully meet their original business case goals.” ERP success now requires a fundamentally different architecture.

For decades, ERP systems have been the core of enterprise operations: managing finance, supply chain, manufacturing, HR and more. The same systems that once promised control and integration are now stifling flexibility, slowing innovation and piling up technical debt.

From what I’ve observed across multiple ERP programs, the problem isn’t ERP itself, but rather, it’s how we’ve come to think about it. Many organizations still treat ERP purely as a system of record, missing the broader opportunity in front of them.

The next era of business agility will be defined by ERP as a composable platform: modular, data-centric, cloud-native and powered by AI. In many of the organizations I’ve worked with, technology leaders aren’t debating whether to modernize the core. Instead, they’re focused on how to do it without stalling the business.

Forbes captures the shift succinctly: “it is anticipated that 75% of global businesses will begin replacing traditional monolithic ERP systems with modular solutions — driven by the need for enhanced flexibility and scalability in business operations.” This highlights ERP’s evolution from monolithic legacy suites to an adaptive, innovation-driven platform.

Those who embrace this shift will make ERP an enabler of innovation. Those who don’t will watch their core systems become their biggest bottleneck and stay held back.

From monoliths to modular backbones

In the 1990s and 2000s, ERP meant one vendor, one codebase and one massive implementation project touching every corner of the business. Companies spent millions customizing software to fit every process nuance.

I saw the next chapter unfold with the cloud era. Companies such as SAP, Oracle, Microsoft and Infor transitioned their portfolios to SaaS, while a wave of startups emerged with modular, industry-focused ERP platforms. APIs and services finally promised a system that could evolve with the business.

In one transformation I supported, our biggest turning point came when we stopped treating ERP as a single implementation. We began decomposing capabilities into modules that business teams could own and evolve independently.

But for many enterprises, that promise never fully materialized. The issue isn’t the technology anymore, but the mindset. In many organizations, ERP is still viewed as a finished installation rather than a living platform meant to grow and adapt.

The cost of the old mindset

Legacy ERP thinking simply can’t keep up with today’s pace of change. The result is slower innovation, fragmented data and IT teams locked in perpetual catch-up mode. Organizations need architectures that change as fast as the business does.

LeanIX, citing Gartner research, highlights the advantage: “Organizations that have adopted a composable approach to IT are 80% faster in new-feature implementation, particularly when using what Gartner defines as composable ERP platforms,” demonstrating the performance gap between modular ERP and traditional monolithic systems.

I’ve seen legacy ERP thinking carry a high price tag in real projects:

• Inflexibility: Business models evolve faster than software cycles. Traditional ERP can’t keep up.
• Over-customization: Years of bespoke code make upgrades risky and expensive.
• Data fragmentation: Multiple ERP instances and disconnected modules create inconsistent data and unreliable analytics.
• User frustration: Outdated interfaces drive workarounds and disengagement.
• High total cost of ownership: Maintenance and upgrades consume budgets that should fund innovation.

Enter the composable ERP

The emerging composable ERP model breaks this monolith apart. Gartner defines it as an architecture where enterprise applications are assembled from modular building blocks, connected through APIs and unified by a data fabric.

As LeanIX explains, “Composable ERP, built on modular and interoperable components, allows organizations to respond faster to change by assembling capabilities as needed rather than relying on a rigid, monolithic suite,” illustrating the transition from static ERP systems to a dynamic, adaptable business platform.

Having worked on both sides — custom development and packaged ERP — I’ve learned that the real power of composability lies in how easily teams can assemble, not just integrate, capabilities. Rather than seeing ERP as a single suite, think of it as the system that enables how an enterprise operates. The core processes — finance, supply chain, manufacturing, HR — are what make up the base. Modular features such as AI forecasting, customer analytics and sustainability tracking can plug in dynamically as the business evolves.

This approach enables organizations to:

• Mix and match modules from different vendors or in-house teams.
• Integrate best-of-breed cloud apps through standard APIs instead of brittle custom code.
• Leverage AI for automation, insights and predictive decisions.
• Deliver persona-based experiences tailored to each user’s role.

Personas: The human face of composable ERP

Traditional ERP treated every user the same, in which there would be one interface, hundreds of menus, endless forms. Composable ERP flips that script with persona-based design, built around what each role needs to accomplish.

• CFOs see real-time financial health across entities with AI-driven scenario modeling.
• Supply chain leaders monitor live demand signals, supplier performance and sustainability metrics.
• Plant managers track IoT-enabled equipment, predictive maintenance and production KPIs.
• Sales and service teams access operational data seamlessly without switching systems.

From my experience, when ERP is designed around real personas rather than generic transactions, adoption rises and decisions happen faster.

Challenges and pitfalls

These are not theoretical issues; they’re the practical challenges I see IT and business teams grappling with every day.

• Data governance: Without a unified data strategy, modularity turns to chaos.
• Integration complexity: APIs require discipline for versioning, authentication, semantic alignment.
• Vendor lock-in: Even open platforms can create subtle dependencies.
• Change management: Employees need support and training to unlearn old habits.
• Security: A more connected system means a larger attack surface. Zero-trust security is essential.

True success demands leadership that balances technical depth with organizational empathy.

The CIO’s new playbook

Through years of ERP work and collaboration between business and IT teams, I’ve realized that the biggest hurdle to ERP success is the belief that ERP is a fixed system instead of a constantly evolving platform for innovation.

This shift isn’t about tools, but rather it’s about redefining the ERP’s role in the business. McKinsey reinforces this reality, stating, “Modernizing the ERP core is not just a technology upgrade — it is a business transformation that enables new capabilities across the enterprise.” It’s a shift that calls for a fundamentally different playbook, especially for CIOs leading modernization efforts.

1. Start with the business architecture, not the software. Define how you want your enterprise to operate, then design ERP capabilities to fit.
2. Build a unified data fabric. A composable ERP lives or dies by consistent, high-quality data.
3. Adopt modular thinking incrementally. Start small by piloting a few modules, prove the value, then scale.
4. Empower fusion teams. Blend IT, operations and business experts into agile squads that compose solutions quickly.
5. Measure success by outcomes, not go-lives. The goal is agility and resilience and not a single launch date.
6. Push vendors for openness. Demand published APIs and true interoperability, not proprietary cloud labels.

Oracle reinforces this imperative: “Companies need to move toward a portfolio that is more adaptable to business change, with composable applications that can be assembled, reassembled and extended,” highlighting flexibility as a core selection criterion.

Reframe ERP as an innovation platform. Encourage experimentation with low-code workflows, analytics and AI copilots.

Looking ahead: When ERP becomes invisible

In a few years, we might not even use the term ERP. Like CRM’s evolution into customer experience platforms, ERP will fade into the background, becoming the invisible digital backbone of the enterprise.

I’ve watched ERP evolve from on-premises to cloud to AI-driven platforms. AI will soon handle transactions and workflows behind the scenes, while employees interact through conversational interfaces and embedded analytics. Instead of logging into systems, they’ll simply request outcomes — and the composable ERP fabric will dynamically orchestrate everything required to deliver them.

That future belongs to organizations rethinking ERP today. This isn’t just another upgrade cycle — it’s a redefinition of how enterprises operate.

From record-keeping to value creation

ERP was once about efficiency — tracking inventory, closing books, enforcing process discipline. Today, it’s about resilience and innovation. From my own journey across multiple ERP programs, I’ve seen that the CIO’s challenge isn’t just keeping systems running, but also architecting agility into how the enterprise operates.

Composable ERP, which is built on cloud, AI and human-centered design, is the blueprint. It turns ERP from a system of record into a system of innovation that evolves as fast as the market around it.

The opportunity is clear: Lead the transformation or risk maintaining yesterday’s architecture while others design tomorrow’s enterprise.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

As tech debt threatens to cripple many IT organizations, a huge number of CIOs have turned to third-party service providers to maintain or upgrade legacy software and systems, according to a new survey.

A full 95% of IT leaders are now using outside service providers to modernize legacy IT and reduce tech debt, according to a survey by MSP Ensono.

The push is in part due to the cost of legacy IT, with nearly half of those surveyed saying they paid more in the past year to maintain older IT systems than they had budgeted. More importantly, dealing with legacy applications and infrastructure is holding IT organizations back, as nearly nine in 10 IT leaders say legacy maintenance has hampered their AI modernization plans.

“Maintaining legacy systems is really slowing down modernization efforts,” says Tim Beerman, Ensono’s CTO. “It’s the typical innovator’s dilemma — they’re focusing on outdated systems and how to address them.”

In some cases, CIOs have turned to service providers to manage legacy systems, but in other cases, they have looked to outside IT teams to retire tech debt and modernize software and systems, Beerman says. One reason they’re turning to outside service providers is an aging employee base, with internal experts in legacy systems retiring and taking their knowledge with them, he adds.

“Not very many people are able to do it themselves,” Beerman says. “You have maturing workforces and people moving out of the workforce, and you need to go find expertise in areas where you can’t hire that talent.”

While the MSP model has been around for decades, the move to using it to manage tech debt appears to be a growing trend as organizations look to clear up budget and find time to deploy AI, he adds.

“If you look at the advent of lot of new technology, especially AI, that’s moving much faster, and clients are looking for help,” Beerman says. “On one side, you have this legacy problem that they need to manage and maintain, and then you have technology moving at a pace that it hasn’t moved in years.”

Outsourcing risk

Ryan Leirvik, CEO at cybersecurity services firm Neuvik, also sees a trend toward using service providers to manage legacy IT. He sees several advantages, including matching the right experts to legacy systems, but CIOs may also use MSPs to manage their risk, he says.

“Of the many advantages, one primary advantage often not mentioned is shifting the exploitation or service interruption risk to the vendor,” he adds. “In an environment where vulnerability discovery, patching, and overall maintenance is an ongoing and expensive effort, the risk of getting it wrong typically sits with the vendor in charge.”

The number of IT leaders in the survey who overspent their legacy IT maintenance budgets also doesn’t surprise Leirvik, a former chief of staff and associate director of cyber at the US Department of Defense.

Many organizations have a talent mismatch between the IT infrastructure they have and the one they need to move to, he says. In addition, the ongoing maintenance of legacy software and systems often costs more than anticipated, he adds.

“There’s this huge maintenance tail that we weren’t expecting because the initial price point was one cost and the maintenance is 1X,” Leirvik says.

To get out of the legacy maintenance trap, IT leaders need foresight and discipline to choose the right third-party provider, he adds. “Take the long-term view — make sure the five-year plan lines up with this particular vendor,” he says. “Do your goals as an organization match up with where they’re going to help you out?”

Paying twice

While some IT leaders have turned to third-party vendors to update legacy systems, a recently released report from ITSM and customer-service software vendor Freshworks raises questions about the efficiency of modernization efforts.

More than three-quarters of those surveyed by Freshworks say software implementations take longer than expected, with two-thirds of those projects exceeding expected budgets.

Third-party providers may not solve the problems, says Ashwin Ballal, Freshworks’ CIO.

“Legacy systems have become so complex that companies are increasingly turning to third-party vendors and consultants for help, but the problem is that, more often than not, organizations are trading one subpar legacy system for another,” he says. “Adding vendors and consultants often compounds the problem, bringing in new layers of complexity rather than resolving the old ones.”

The solution isn’t adding more vendors, but new technology that works out of the box, Ballal adds.

“In theory, third-party providers bring expertise and speed,” he says. “In practice, organizations often find themselves paying for things twice — once for complex technology, and then again for consultants to make it work.”

Third-party vendors unavoidable

Other IT leaders see some third-party support as nearly inevitable. Whether it’s updating old code, moving workloads to the cloud, adopting SaaS tools, or improving cybersecurity, most organizations now need outside assistance, says Adam Winston, field CTO and CISO at cybersecurity vendor WatchGuard Technologies.

A buildup of legacy systems, including outdated remote-access tools and VPNs, can crush organizations with tech debt, he adds. Many organizations haven’t yet fully modernized to the cloud or to SaaS tools, and they will turn to outside providers when the time comes, he says.

“Most companies don’t build and design and manage their own apps, and that’s where all that tech debt basically is sitting, and they are in some hybrid IT design,” he says. “They may be still sitting in an era dating back to co-location and on-premise, and that almost always includes legacy servers, legacy networks, legacy systems that aren’t really following a modern design or architecture.”

Winston advises IT leaders to create plans to retire outdated technology and to negotiate service contracts that lean on vendors to keep IT purchases as up to date as possible. Too many vendors are quick to drop support for older products when new ones come out, he suggests.

“If you’re not going to upgrade, do the math on that legacy support and say, ‘If we can’t upgrade that, how are we going to isolate it?’” he says. “‘What is our graveyard segmentation strategy to move the risk in the event that this can’t be upgraded?’ The vendor due diligence leaves a lot of this stuff on the table, and then people seem to get surprised.”

CIOs should avoid specializing in legacy IT, he adds. “If you can’t amortize the cost of the software or the build, promise yourself that every new application that’s coming into the system is going to use the latest component,” Winston says.

For CIOs, the conversation around AI has moved from innovation to orchestration, and project management, long a domain of human coordination and control, is rapidly becoming the proving ground for how intelligent systems can reshape enterprise delivery and accelerate transformation.

In boardrooms across industries, CIOs face the same challenge of how to quantify AI’s promise in operational terms: shorter delivery cycles, reduced overhead, and greater portfolio transparency. A 2025 Georgia Institute of Technology-sponsored study of 217 project management professionals and C-level tech leaders revealed that 73% of organizations have adopted AI in some form of project management.

Yet amid the excitement, the question of how AI will redefine the role of the project manager (PM) remains, as does how will the future framework for the business transformation program be defined.

A shift in the PM’s role, not relevance

Across industries, project professionals are already seeing change. Early adopters in the study report project efficiency gains of up to 30%, but success depends less on tech and more on how leadership governs its use. The overwhelming majority found it highly effective in improving efficiency, predictive planning, and decision-making. But what does that mean for the associates running these projects?

Roughly one-third of respondents believed AI would allow PMs to focus more on strategic oversight, shifting from day-to-day coordination to guiding long-term outcomes. Another third predicted enhanced collaboration roles, where managers act as facilitators who interpret and integrate AI insights across teams. The rest envisioned PMs evolving into supervisors of AI systems themselves, ensuring that algorithms are ethical, accurate, and aligned with business goals.

These perspectives converge on a single point: AI will not replace PMs, but it will redefine their value. The PM of the next decade won’t simply manage tasks, they’ll manage intelligence and translate AI-driven insights into business outcomes.

Why PMOs can’t wait

For project management offices (PMOs), the challenge is no longer whether to adopt AI but how. AI adoption is accelerating, with most large enterprises experimenting with predictive scheduling, automated risk reporting, and gen AI for documentation. But the integration is uneven.

Many PMOs still treat AI as an add-on, a set of tools rather than its strategic capability. This misses the point since AI is about augmenting judgment and automation. The organizations gaining a real competitive advantage are those embedding AI into their project methodologies, governance frameworks, and performance metrics with this five-point approach in mind.

1. Begin with pilot projects

Think small, scale fast. The most successful AI integrations begin with targeted use cases that automate project status reports, predict schedule slippage, or identify resource bottlenecks. These pilot projects create proof points, generate enthusiasm, and expose integration challenges early.

2. Measure value, not just activity

One common pitfall is adopting AI without clear performance metrics. PMOs should set tangible KPIs such as reduction in manual reporting time, improved accuracy in risk forecasts, shorter project cycle times, and higher stakeholder satisfaction. Communicating these outcomes across the organization is just as important as achieving them. Success stories build momentum, foster buy-in, and demystify AI for skeptical teams.

3. Upskill PMs

AI will only be as valuable as the people who use it. Nearly half of the surveyed professionals cited lack of a skilled workforce as a barrier to AI integration. Project managers don’t need to become data scientists, but they must understand AI fundamentals, how algorithms work, where biases emerge, and what data quality means. In this evolving landscape, the most effective PMs will combine data literacy with human-centered leadership, including critical thinking, emotional intelligence, and communication.

4. Strengthen governance and ethics

Increasing AI raises pressing ethical questions, especially when algorithms influence project decisions. PMOs must take the lead in establishing AI governance frameworks that emphasize transparency, fairness, and human oversight. Embedding these principles into the PMO’s charter doesn’t just mitigate risk, it builds trust.

5. Evolve from PMO to BTO

The traditional PMO focuses on execution through scope, schedule, and cost. But AI-driven organizations are shifting toward business transformation offices (BTOs), which align projects directly with strategic value creation through process improvement in parallel. A PMO ensures projects are done right. A BTO ensures the right projects are done. A crucial element of this framework is the transition from a Waterfall to an Agile mindset. The evolution of project management has shifted from rigid plans to iterative, customer-centric, and collaborative methods, with hybrid methodologies becoming increasingly common. This Agile approach is vital for adapting to the rapid changes brought by AI and digital disruption.

The new PM career path

By 2030, AI could manage most routine project tasks, such as status updates, scheduling, and risk flagging, while human leaders focus on vision, collaboration, and ethics. This shift mirrors past revolutions in project management from the rise of Agile to digital transformation, but at an even faster pace. But as organizations adopt AI, the risk of losing the human element persists. Project management has always been about people and aligning interests, resolving conflicts, and inspiring teams. However, while AI can predict a delay, it can’t motivate a team to overcome it. The PM’s human ability to interpret nuance, build trust, and foster collaboration remains irreplaceable.

A call to action

AI represents the next frontier in enterprise project delivery, and the next decade will test how well PMOs, executives, and policymakers can navigate the evolution of transformation. To thrive, organizations must invest in people as much as in platforms, adopt ethical, transparent governance, foster continuous learning and experimentation, and measure success by outcomes rather than hype.

For CIOs, the mandate is clear: lead with vision, govern with integrity, and empower teams with intelligent tools. AI, after all, isn’t a threat to the project management profession. It’s a catalyst for its reinvention, and when executed responsibly, AI-driven project management will not only deliver operational gains but also build more adaptive, human-centered organizations ready for the challenges ahead. By embracing it thoughtfully, PMs can elevate their roles from administrators to architects of change.