Steps to a Successful AI and Cloud Governance Strategy

Insights from business and technology industry experts point the way forward for IT decision makers facing a confluence of rapid innovation and regulation changes.

March 20, 2025

Talk about a double-whammy. CIOs and IT leaders have to ensure their systems are reliable and the data they use remains secure now and in the future, which will increasingly be filled with artificial intelligence (AI).

Technology executives are tasked with building and overseeing IT infrastructures that remain resilient and flexible enough to embrace cloud computing and new innovations. Meanwhile, their IT teams must master rapidly-growing compliance and regulatory demands. 

Staying on top of it all requires the right strategies and frameworks for staying innovative while managing risks, governance requirements and the need for maximizing return on their IT investments.

When asked to rank in order of importance the data-related aspects of GenAI workload implementation, global IT leaders and decision makers surveyed for the 2025 Enterprise Cloud Index report chose data privacy and security as the most important data-related aspect of GenAI implementation, followed by performance and scalability. 

Almost all (95%) of respondents agreed that GenAI is changing their organization’s priorities and believe their organization could be doing more to secure its GenAI models and applications. Security and privacy will remain a major challenge for organizations as they seek to justify the use of emerging, GenAI-based solutions and ensure that they adhere to traditional security norms, as well as new requirements for data governance, privacy and visibility.

“As enterprises become more artificially intelligent and connected online, larger amounts of sensitive information are being collected, analyzed and shared at every turn,” said Taylor Tresatti, head of industry research for BIZDEV: The International Association for Business Development. 

“The trouble is that technology-powered solutions are advancing faster than corporate compliance and oversight departments can keep up… and even government regulatory bodies in many cases. That creates a tremendous burden on and amount of potential risk for organizations, especially in a time when public scrutiny, not to mention cybersecurity-, privacy- and ethics-related concerns, are only growing as well.”

First Steps to Create an IT Governance Strategy in the AI Era

While 95 percent of senior leaders say their organizations are investing in AI, only 34 percent are incorporating AI governance, according to EY research featured in Tuning Corporate Governance for AI Adoption by NACD, the most trusted association for board directors.

At the 2024 AI for Good Global Summit hosted by the United Nations, a report on the state of global AI governance explained why the lack of controls remains an ongoing and serious concern for today’s largest companies. Global regulatory requirements are evolving, especially as more attention turns to the benefits and risks of AI.

Yet IT teams are effectively seeing new technology offerings like AI and automation roll out faster than any prior transformative technology in history, according to Sean Donahue, senior solutions manager at Nutanix. 

“Embracing AI effectively demands that enterprises reassess and revitalize their underlying IT systems, focusing on the future and achieving the key scalability, capacity, efficiency, and analytical capabilities required to keep up in a fast-changing IT world,” Donahue told The Forecast.

This also includes the need for IT teams to develop new skills while creating and implementing new AI and cloud computing governance strategies. Without effective oversight and compliance controls in place, organizations risk:

  • Security breaches and data privacy violations

  • Compliance failures and regulatory penalties

  • Escalating and unpredictable costs

  • Technical debt and integration challenges

  • Ethical concerns and reputational damage

  • Missed opportunities for value creation

Mind you: Growing demand for AI deployment is regularly being driven by the highest levels of organizational management, with C-Suite leaders often keen to capitalize on the performance and cost-savings benefits that smart technology brings, BIZDEV’s Tresatti says. But first, IT leaders must develop an effective governance strategy to get leadership teams on board with the plan. That plan includes:

  • A thorough assessment of how AI and cloud technologies support an organization's strategic goals

  • Key performance indicators (KPIs) that measure the business impact of automated technologies

  • Clear links between technology initiatives and business outcomes

  • A roadmap that prioritizes initiatives based on business value and strategic importance

A well-designed governance strategy not only addresses risks, it also simultaneously enables innovation, optimizes investments and aligns technology initiatives with business objectives, according to Shamik Kacker, distinguished engineer at Dell Technologies, in his ISACA post AI Governance: Key Benefits and Implementation Challenges.

Successful AI & Cloud Governance Framework

Taking time out up-front to think through and plan out how to best manage, operate and oversee new technology solutions is critical before making the upgrade to a more intelligent enterprise, said Tresatti. Address potential problems before deploying AI applications or cloud computing resources. 

In their AI Governance 101: The First 10 Steps Your Business Should Take post, law firm Fisher Phillips LLP suggests focusing any AI framework on five major principles:

  • Transparency: Making sure that any AI decisions made are explainable and understandable.

  • Fairness: Avoiding unintentional biases in AI training models or outputs that can lead to discriminatory outcomes.

  • Accountability: Designating responsibility for AI outcomes to human overseers who take responsibility for them.

  • Privacy and Security: Protecting user data and adhering to federally- and state-mandated data protection laws.

  • Documentation: Documenting every step in the AI governance process. If it’s not in writing, lawyers note, from a legal perspective, effectively it didn’t happen.

According to ISACA’s Artificial Intelligence Governance Brief, it also helps for IT leaders planning a cloud and artificial intelligence governance strategy to address the challenge from several additional angles.

1. Strategic Alignment

The foundation of effective IT governance lies in aligning AI- and cloud-based initiatives with organizational strategy to ensure greater enterprise-wide buy-in from supervisors and staffers at all turns. At a high level, that not only means understanding what processes can most benefit from being made more virtualized, automated and intelligent. It also means having to understand where cloud and AI solutions offer the greatest productivity and profit gains and most effectively support the business in achieving its big-picture objectives. Enterprise leaders are advised to engage in:

  • Business-Technology Alignment: Mapping AI and cloud capabilities to specific business outcomes and strategic priorities.

  • Portfolio Management: Establishing processes for evaluating, prioritizing, and funding initiatives based on strategic fit and expected value.

  • Architecture Governance: Developing reference architectures and standards that enable consistency while allowing for innovation.

2. Risk Management and Compliance

Once a strategic trajectory has been plotted, Tresatti says, it’s also important to determine a specific method for providing effective and ongoing oversight of operations. Establishing a robust risk management framework and operating model is not only essential for sustainable adoption of cloud and AI technologies, she suggests. It’s also critical to ensuring that any given business complies with information security best practices and meets its legally-mandated compliance requirements. Areas to actively invest in here include:

  • Regulatory Compliance: Implementing processes to ensure adherence to relevant regulations (e.g., GDPR, HIPAA, industry-specific requirements).

  • Security Controls: Instituting comprehensive security frameworks covering identity management, data protection, network security, and threat monitoring.

  • AI-Specific Risk Management: Addressing the unique risks associated with AI deployments including bias, explainability, and unintended consequences.

  • Third-Party Risk Management: Developing formal processes for evaluating and monitoring cloud and AI vendors.

3. Financial Governance

Note that successful IT oversight isn’t just about meeting a firm’s legal responsibilities, though, says Tresatti. Rather, it’s about making sure that assets and tools are utilized responsibly, effectively and in a fashion that most cost-efficiently benefits customers and key stakeholders across the organization. Effective financial governance ensures optimal resource allocation and cost management – and provides maximum ROI from every cloud or AI investment. That means having to concentrate on the following topics when plotting an oversight strategy as well.

  • Budget Planning and Control: Putting processes in place for forecasting, allocating, and monitoring IT expenditures.

  • Cost Optimization: Implementing continuous optimization practices, including rightsizing, reserved instances, and workload scheduling.

  • Chargeback/Showback: Creating transparent mechanisms for allocating costs to business units based on consumption.

  • Value Tracking: Developing metrics and processes for measuring realized business value from cloud and AI investments.

4. Operational Oversight

Of course, in addition to regulatory and financial controls, building a successful governance strategy for a more connected and intelligent enterprise also requires putting formalized structures and frameworks that promote best operating practices in place. Doing so not only helps maintain maximum productivity and uptime, but also optimal allocation of people and resources across the organization. As a general rule, the practice also helps ensure more reliable, efficient, and scalable technology operations for the business, Tresatti notes. Recommended steps to take here include focusing on:

  • Service Level Management: Defining, monitoring, and enforcing SLAs for cloud services and AI applications.

  • Change Management: Establishing processes for managing changes to cloud infrastructure and AI models.

  • Incident Management: Developing procedures for responding to and resolving operational disruptions.

  • Performance Monitoring: Implementing continuous monitoring of cloud resources and AI system performance.

5. Data Management

Keep in mind too that given the information-intensive nature of cloud and AI initiatives, and often sensitive nature of the details being exchanged, investing in data governance is also paramount. Any efforts made here aren’t just designed to ensure the integrity and security of information either. Rather, they’re intended to ensure better standardization, categorization, and utilization of materials – and empower actionable insights to be surfaced more readily at every level of the organization. Investing in data governance effectively provides more visibility and insight into every level of a business… and empowers employees to leverage it in more prompt and pronounced fashion. That means thinking about:

  • Data Classification: Categorizing data based on sensitivity and regulatory requirements.

  • Data Quality Management: Establishing processes for ensuring the accuracy, completeness, and timeliness of data.

  • Data Lifecycle Management: Defining policies for data retention, archiving, and deletion.

  • Metadata Management: Maintaining comprehensive metadata to enable data discovery and lineage tracking.

6. Governing AI Tools & Platforms

That said, given the sheer volume of data typically being juggled, and organizations’ increasingly automated decision-making capabilities, the introduction of artificial intelligence into any given enterprise also presents singular governance challenges that require specialized approaches to oversight. Instituting supporting regulatory solutions, which cover various aspects of AI training and operations, won’t just help mitigate potential error and bias in information. Doing so, says Tresatti, can also help IT teams more readily ensure that AI models are operating as intended, learning from every exchange, and clocking in at peak efficiency and performance.

Areas to consider: 

  • Model Governance: Creating processes for developing, validating, deploying and monitoring AI models.

  • Explainability Standards: Defining requirements for model transparency based on use case criticality.

  • Ethical Guidelines: Developing principles and review processes for ensuring ethical AI use.

  • Human Oversight: Determining appropriate levels of human involvement in AI-driven decisions.

Implementing Effective Governance

As enterprises go about building a cloud and AI governance model, it’s also important to consider the day-to-day activities involved in various programs and specific steps that can be taken to implement them more effectively. After all, as Indu Keri, GM for Nutanix hybrid cloud, points out, the lifecycle of AI is actually split into three parts – training, augmentation and inferencing – each of which runs on an entirely different infrastructure that comes with its own demands and requirements.

Planning effective oversight for such extensive technology deployments clearly requires business leaders to put an equally comprehensive range of practical governance procedures and principles in place as part of any given cloud or AI rollout. A quick playbook for designing an overarching cloud and AI oversight strategy follows.

To begin with, it’s important to define roles, responsibilities, and decision rights, said Tresatti:

  • Executive Sponsorship: Secure C-suite commitment and involvement.

  • Governance Bodies: Establish committees and working groups with clear mandates.

  • Roles and Responsibilities: Define specific accountabilities for governance functions.

  • Decision Rights: Clarify who makes decisions versus who provides input or is informed.

Policies and standards provide guardrails for responsible technology use and should be interwoven across any governance plan:

  • Policy Hierarchy: Create a structured approach from high-level principles to detailed standards.

  • Risk-Based Approach: Tailor controls based on data sensitivity and business criticality.

  • Regular Reviews: Establish processes for updating policies as technologies and requirements evolve.

Processes and controls operationalize governance requirements, and help streamline oversight tasks:

  • Process Integration: Embed governance checkpoints into existing workflows.

  • Automation: Leverage tools to automate compliance checks and policy enforcement.

  • Monitoring and Alerting: Implement systems to detect and report policy violations.

Bear in mind that cloud and AI governance must evolve over time to remain effective, Tresatti notes:

  • Metrics and Measurement: Develop KPIs to assess governance effectiveness.

  • Regular Assessments: Conduct periodic reviews of the governance program.

  • Feedback Loops: Create mechanisms for stakeholders to provide input on governance processes.

For organizations beginning a cloud and AI governance journey, Tresatti recommends taking a phased approach:

Phase 1: Foundation

  • Conduct a risk assessment to identify critical focus areas

  • Establish baseline policies for security, compliance, and cost management

  • Define essential roles and responsibilities

  • Implement fundamental monitoring capabilities

Phase 2: Maturation

  • Develop comprehensive policy frameworks

  • Establish formal governance bodies and processes

  • Implement automated controls and monitoring

  • Begin measuring governance effectiveness

Phase 3: Optimization

  • Refine policies based on operational experience

  • Automate additional governance processes

  • Implement advanced analytics for governance insights

  • Continuously balance control with innovation needs

A Future-Proof Governance Strategy

Given how fast the world of cloud technology and AI now moves, implementing more structured approaches to oversight that allow organizations to effectively evolve governance strategies in turn is also critical. As a result, as part of putting any strategic plan together, it’s not only important to perform tasks like conducting regular governance maturity assessments, routinely benchmarking against industry best practices, and regularly reviewing and updating policies and procedures. It’s also vital to design more flexible approaches to IT oversight that can adapt to changing needs.

This can be done by implementing modular governance frameworks that can be updated incrementally, developing principles-based approaches that can adapt to new contexts, and creating governance sandboxes for testing new approaches, according to Tresatti. 

“It’s important to establish regular review cycles for governance structures and policies and adopt a mindset that values adaptation over rigid adherence to established processes,” she said. 

“Basically, effective AI and cloud governance isn’t achieved by meeting a single deliverable… rather, it’s an ongoing enterprise capability that must be cultivated by an organization over time, and one whose solutions should evolve with changing times and technologies.”

Scott Steinberg is a business strategist, award-winning professional speaker, trend expert and futurist. He’s the bestselling author of Think Like a Futurist; Make Change Work for You: 10 Ways to Future-Proof Yourself, Fearlessly Innovate, and Succeed Despite Uncertainty; and Fast >> Forward: How to Turbo-Charge Business, Sales, and Career Growth. He’s the president and CEO of BIZDEV: The International Association for Business Development and Strategic Partnerships™. Learn more at www.FuturistsSpeakers.com and LinkedIn.

© 2025 Nutanix, Inc. All rights reserved.