The last 18 months have seen the increasing importance of technology in driving operational efficiency and innovation. With data growing exponentially each year, there is an urgency for organisations in APAC to make data even more secure, improve the digital infrastructure and bolster resilience. Many are also rapidly moving into AI, experimenting and embedding AI capabilities into their core business operations, and looking for value in return.
Going into 2025, how should they be planning their IT, and what should be their approach and priorities when looking at emerging technologies?
In a wide-ranging iTNews Asia interview with Tom Casey, Splunk’s Senior Vice President, Products & Technology, during his stopover at .conf go in Singapore, we explore these priorities and discuss the critical considerations that businesses and IT are making, or must make – from AI (and GenAI) adoption, removing innovation barriers, overcoming the complexity of data to planning the right cybersecurity strategies and the importance of getting full visibility across the business.
iTNews Asia: You’ve been hearing from the ground and talking to business and tech leaders who are spending on IT. Has there been any concern amongst organisations in using technologies that are emerging? Are new technologies hard to adopt?
A lot of new technologies are independently not hard to adopt. It’s the combination and getting them to work reliably that’s difficult.
We are always talking about making it possible for our customers to see and secure their entire digital footprint. This is important as companies need to innovate. While tech spending may have increased in 2024, they now have to spend a lot more in different areas and the landscape is becoming more complicated. Getting better visibility ultimately gives an organisation more agility.
iTNews Asia: Just a few years ago, CIOs and tech directors were starting to go into the cloud. Today they’re using hybrid and multi clouds. They have to look at AI, remake their IT systems, move from legacy to new, manage complexity while constantly under pressure to innovate. How can they make sense of it all?
There are new technologies you just cannot ignore. The cloud is well established and needs to be part of the strategy, even if companies are in a highly regulated industry, such as a financial services institution, or operating on premise. Hybrid must be part of their story.
Leaders are now trying to get value out of Generative AI. The foundational AI capabilities have been around for two decades, but it’s hitting an inflection curve where every organisation has to respond, manage AI in their infrastructure, and learn how to put it to use.
Adopting AI should be similar to modernisation. It’s like a slider – you don’t want to turn it all the way but shift it slowly. For example, you don’t want to slide all the way to microservices in one go. You have to categorise your systems and figure out which would give you the greatest ROI or agility first.
It is important to start by figuring out which applications you are going to move, and next, identify those you’re never going to move. You then shore that up by investing in better security and observability so you can get better performance and availability.
It may take a little bit of investment to make it easier to improve your uptime and better monitor your traditional systems. Once you can shore up that baseline, and prove that it can work, then you can make a list of the other services you want to go into.
iTNews Asia: When it comes to using new technologies, how different should the approach be for a traditional organisation with a lot of legacy frameworks, compared to a new and digitally inclined business?
A start-up or new company can assume more risks with new technologies. However, as they grow, they will hit a point where they need to consider issues such as availability, scale, security, compliance and certification in their geographies.
Conversely, mature organisations are more established and can focus on new innovation. They may appear slower to start, but they can solve the problems of scale more easily. They will actually gain speed in their delivery to market by virtue of their pre-existing maturity. However, this also requires a cultural change, and that is probably the hardest thing for mature organisations.
iTNews Asia: One of the challenges organisations constantly face is managing data and its exponential growth – the sheer volume, velocity and variety of data, including both structured and unstructured data, that keep increasing. Do you see data, or a lack thereof, as the greatest obstacle to innovation?
I will say that data is the difference maker for AI – having better data and insights allows you to train better models. In absolute terms, harnessing data is the biggest challenge.
Some studies show that 90 percent of the world’s data was only created in the last two years. Companies are getting overwhelmed and are often unable to make sense of all this data. We are focused at trying to change the way they leverage the data so they can connect and protect every part of their organisation.
A lot of that data is operational exhaust, it’s telemetry, information about the applications that are flowing around the users, the devices that are coming and going and how they are connecting and the quality of service conversations. They affect the end user experience – and the users you should care the most are your employees and their productivity; as well as your customers and their experience they have with you.
iTNews Asia: What should organisations do with the data that resides from years back, some of which is just dirty and bad data? Should they start afresh and build new data that can be effective, rather than trying to manage the different silos?
I think it depends on the market you are in and the potential value of the old data. Against this backdrop of the data growth explosion, what companies must do right now is revisit their data strategies and look at how they are managing and classifying their data.
We are now helping our customers through that process of considering their data strategy and their classification. We use Mitre as a framework for scoring risks and security, particularly with the public sector and commercial companies. We help them figure out which data is most operationally relevant, which data is most analytically relevant and what percentage of data to retain. How to use the data for ad hoc analytics and decision making, or in support and discovery.
People used to think of data as what they need to save and what they need to access. That line is becoming grey. Organisations need to shift from thinking about storage and archiving towards thinking about federating their data, and managing the policies by how they federate that data consistently, and using tools from vendors like us to help enable federation.
iTNews Asia: When looking at AI, how should an organisation start? Many are thinking, ‘I’m looking at all the AI hype but I want to be careful, start to experiment, do some AI internally and see where it goes.’
We’ve hit that inflection point in both practical adoption and in the hype curve that every business need to be taking advantage of or exploring AI in some way.
Over the last two years, I’ve also seen many proof of concepts that have not turned into production. Where companies need to start with AI is to first ask: What are your own AI principles? What are your fair use practices and principles? Are you going to allow employees to use, open AI and public AI software, or are you going to allow it to be embedded in applications?
Companies need to get those principles defined quickly and get some projects going so that you have some momentum, and activity. And then turn to folks like us and ask: “What are you doing with AI that can help me?”
iTNews Asia: Has there been any organisation you know who are thinking of AI, but hazy over regulation and (the need for) compliance, and held back by these worries?
I don’t think they are hazy. You can be overly aggressive or sloppy in bringing things to market, but the majority of regulations globally are oriented towards privacy and protecting consumers and their data. These same controls will apply to AI.
iTNews Asia: Is there a need for more top down oversight to set the principles in place, to make sure that you don’t do unnecessary things when you’re experimenting in AI? Are there best approaches we can look at?
You need not just top down, but top down sponsorship for those initiatives. You must have someone who focuses on legal privacy issues, someone who looks at the product, marketing, customer service, productivity etc. You need to include both the tech and infrastructure people on an AI committee from the top down.
You also have to balance between the amount of risk you will accept and the types of use of AI that you will allow in your organisation. You need alignment amongst all the different groups. If you approach it from only one of those vectors, you can become too permissive or too restrictive in your use of AI. You need to have AI principles, be ready with an AI strategy and be able to roll that out. If you don’t, you’re going to fall behind.
– Tom Casey, Senior Vice President, Products and Technology, Splunk
iTNews Asia: What is your perspective on Gen AI compared to traditional AI? Will Gen AI be best measured in how we innovate, or become faster or more flexible, or in reducing costs?
The value of Gen AI is the same as foundational AI. It improves productivity and our reach. Maybe Gen AI amplifies the creative a little more than foundational AI. Fundamentally, AI is not new, it’s been around for a long time. We’ve introduced our machine learning toolkit for Splunk in 2015 and machine learning has been around a lot longer than that.
While Gen AI may be new, the reality is every organisation needs to have an AI strategy that values using the right tool for the right job. Which means using statistical methods, using machine learning and using foundational AI or Gen AI capabilities. What is also new is the accelerated adoption of Gen AI.
The danger is when organisations try to overuse Gen AI – when they shift so heavily in Gen AI to do everything, versus relying on foundational AI in some applications, they may not get as good or as reliable of an outcome they want.
iTNews Asia: Are there certain industries that are at a more distinct advantage when using Gen AI? If you look at the FSI industry, they have been using AI for a very long time, and they seem to be clear with what they want to do.
I had a customer in software development at a IT shop where a lot of the job involved doing repetitive tasks. Using Gen AI, a new graduate quickly became 20 percent more productive. Gen AI provides the greatest amount of productivity gains in knowledge-based job roles.
One of the leading place getting real production benefits from Gen AI today have been in sectors like call centres. In a call centre, you can rapidly decrease the learning curve and increase the productivity of an individual.
(In the FSI industry), financial services already have well-formed policies, good data handling, classification, privacy and regulations in place. They are also in a better position as they have been using AI for a period of time. This was reflected in my conversations with customers in Singapore and they seem to be have more clarity around what they’re going to do.
iTNews Asia: It is easier and cheaper today for cyber criminals to use AI to launch an attack on a business, then it is for the business to build an effective defence?
AI aids these attackers and lowers the barrier for them to be effective. The biggest place that we see this happening now is in (the rise of) social engineering attacks through deep fake videos and phishing emails. The good news is there are plenty of tell-tale signs about a fake video or a phish. It comes down to the business responding fast enough, training their people and making sure that they’re investing in the right kind of software to automatically detect them.
AI can be well-engineered and deployed smartly by an organisation embedded in enterprise security tools. (By doing so) and in the long run, it elevates a company’s ability to understand its full environment, whether it’s the digital environment or its footprint, and to be able to secure the entire environment.
In the short run, (these social engineering attacks) are like almost any major new emerging technology that makes it easier for a bad actor to write some code or spoof some information. These bad actors may gain proportionately more, it may be a little easier for them now but it’s only temporary. In the long run, AI actually helps harden the environment.
iTNews Asia: Given the growth, speed and scale of cyberattacks today, should an organisation change its cyber defence strategy compared to, say, two years ago?
If anything, the urgency increases as an organisation matures. You need to be more in-depth in your defence and have more automation in your environment so you can respond and contain things quicker. This urgency around maturing security practices is (even greater now) and accelerated by Gen AI.
iTNews Asia: IT decision makers today cannot afford to make single technology decisions or plan in isolation as there is multi-dimensional relationship between data, AI and cyber security in whatever they’re doing and spending on. Do they need to think more progressively when planning their IT infrastructure?
I think they have to more progressive around visibility. If you are building a new service, you need to be able to monitor and understand how its performing and how customers are engaging with it.
What needs to be baked in is the need for the management of data visibility, knowing how the system or service is operating and making sure that it is secure. You need unified security and observability to achieve true resilience.