DevSecOps programmes frequently achieve genuine success at the team level and then fail to propagate that success to the rest of the organisation. This is why, and what the scaling framework looks like.
Sovereign Cloud: Why European Enterprises Are Asking Questions That Nobody Has Good Answers to Yet
Sovereign cloud is moving from a regulatory discussion to an enterprise procurement requirement. European enterprises are asking questions that the cloud market has not yet fully answered.
AI and Cloud Security: Why Attackers Are Moving Faster Than Enterprise Detection Strategies
AI is changing the offensive security landscape faster than it is changing enterprise defensive capabilities. The detection strategies most vulnerable, and the investments most worth making, deserve more attention than they are getting.
Cloud Security Consolidation: The Business Case That Turns a CISO Conversation Into a Board Decision
Cloud security consolidation decisions stall because they are framed as technology decisions rather than business decisions. This is the five-component financial model that closes the gap between the CISO's case and the CFO's approval.
AppSec in the Age of AI-Assisted Development: The Process Gap Getting Worse Faster Than the Tooling
AI-assisted development tools are accelerating code production in ways that create a new application security challenge: the attack surface is growing faster than security testing can cover it.
NIS2 Is Coming: What the Directive Means for European Enterprise Cloud and Security Strategy
NIS2 significantly expands the scope, obligations, and enforcement regime of European cybersecurity regulation. This is the strategic assessment that enterprise technology leaders need to begin their compliance planning.
KubeCon Amsterdam 2023: The Enterprise Signals in the Cloud-Native Community You Should Not Miss
KubeCon Amsterdam 2023 produced signals about enterprise cloud-native adoption that deserve more attention than the typical conference summary provides. Three themes matter most for enterprise architecture decisions in 2023 and beyond.
GPT-4 Changes the Enterprise AI Calculation — What Technology Leaders Need to Do in the Next 90 Days
GPT-4 represents a step change in large language model capability that materially changes the enterprise AI investment calculus. The quality of reasoning, the multimodal input handling, and performance on professional knowledge tasks all move AI from a productivity experiment to a strategic capability question.
The Shared Responsibility Model in Practice: Where Enterprises Keep Getting It Wrong
The cloud shared responsibility model is well understood in principle and consistently misapplied in practice. Enterprises routinely discover — typically during a security incident — that they assumed responsibility for controls they believed the cloud provider owned.
The Cloud Operating Model Two Years On: What the Framework Gets Right and What Enterprises Still Get Wrong
Two years after the Cloud Operating Model for Dummies framework, the enterprise patterns are clear. The organisations that invested in operating model design before architecture decisions are ahead. The ones that skipped it are managing expensive complexity.
