Another Y2K
This project, I was told in no uncertain terms, was as big and important as Y2K had been, and we didn't have much time to get on it. To make matters worse, we would have to work with an independent auditing firm that--surprise--had developed a SOX-compliance practice. (I like the way they called it a "practice"--are they still trying to get it right?) The auditors required us to use their compliance system, basically a database to hold and report information related to compliance. Integrating the data from our systems into their database to regularly track compliance reports from the numerous ACME business units was an intimidating challenge. I didn't relish the idea of telling my department managers.
The project kickoff session with the auditors, held shortly after that initial meeting, amounted to a demonstration of their database, with the expectation that every member of the IT team would ooh and aah. When Josh attempted to explain that we might be able to integrate our data-reporting system with their database, the auditors immediately nixed the idea, and our protests were met with one of those "shut up or else" looks from our CIO, Steve Fox.
When I approached Steve after the meeting, he confided that Beane was insisting we use the auditors' reports--he didn't know why, and if he had any theories, he kept them to himself. Bottom line: The politics at play were going to make our technical work much more complicated.
Over the next few months, we worked with the auditors to figure out how to feed our data into their system--the right data sets at the right times. The auditors had thought we would do mostly manual data entry and some imports. Fortunately, we found we could use our application middleware to get the requisite information into the auditors' database without too much hassle. But it took time to get the data feeds and processes correct.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
