rssitbuyer

Exposure-Informed Continuous Compliance Framework for Buyers

Philip D. Harris, CISSP, CCSK, Michelle Abraham — Tue, 12 May 2026 04:00:00 GMT

This IDC Perspective discusses exposure-informed continuous compliance framework. Cybersecurity compliance is shifting from periodic, siloed audit activity to continuous, integrated assurance. Continuous compliance, vulnerability management, attack surface management, and exposure management are converging as organizations seek real-time visibility, defensible evidence, and faster remediation across increasingly complex regulatory, operational, and technology environments. The exposure-informed continuous compliance methodology responds by making the business-relevant exposure, not the isolated finding, the core unit of management. It connects exposures to assets, controls, obligations, owners, remediation, and machine-readable evidence, enabling risk-based prioritization, reusable proof, and continuous validation of control effectiveness. The exposure-informed continuous compliance reference model operationalizes this approach through integrated data, decision, workflow, evidence, and reporting layers. Together, these layers turn compliance into a live, exposure-aware process that supports audit readiness, regulatory alignment, and measurable cyber-risk reduction.

“Future cybersecurity compliance will depend on exposure-informed continuous compliance,” says Philip Harris, research director, Governance, Risk, and Compliance Solutions at IDC. “This is where vulnerabilities, attack surface issues, exposures, control compliance issues, and evidence are managed as one continuously validated system rather than as disconnected tools, audits, and reporting streams.”

“The exposure-informed continuous compliance framework is becoming necessary for increased cybersecurity resilience for organizations,” says Michelle Abraham, senior director, Research Cybersecurity Research at IDC. “This is primarily because organizations must move beyond proving controls exist to continuously proving they work, are owned, reduce meaningful exposure, and generate reusable evidence across regulatory obligations.”

IBM Think 2026: An AI Operating Model Takes Shape Across Agents, Security, and the Platform

Jim Mercer — Tue, 12 May 2026 04:00:00 GMT

IBM's Think 2026 conference, held on May 5 in Boston, delivered a cohesive set of announcements to support AI adoption across the enterprise. The company organized its announcements around an AI Operating Model, built on four interdependent pillars: agents, data, automation, and hybrid. The announcements from the event were intended to address the gap IBM has identified between AI investment and AI ROI, a challenge that IDC research confirms is pervasive across enterprise organizations. The announcements from IBM Think promoted a shift from an AI experimentation mentality to leveraging AI to rethink business processes, making it a competitive differentiator rather than treating it as just a technology.

IREN Acquires Mirantis – Pairing AI Capacity with an Open, Portable, AI Deployment Platform

Gary Chen, Matthew Flug — Tue, 12 May 2026 04:00:00 GMT

IREN has announced an agreement to acquire Mirantis, combining IREN's data center capacity and GPU footprint with Mirantis's infrastructure software, deployment services, and open source expertise. Notably, IREN intends to allow Mirantis to continue operating independently, ensuring the company can maintain its commitment to building open standards for the broader industry. The transaction reflects a broader consolidation of capacity, platform, runtime, deployment, and management layers in AI infrastructure as buyers move toward integrated "AI factory" platforms.

Atlassian Team '26: Teamwork Graph Emerges as an Organizational Context Layer for Agentic Development

Adam Resnick — Mon, 11 May 2026 04:00:00 GMT

Broadcom Announces VMware Cloud Foundation 9.1, Demonstrating Continued Investment in the VCF Platform

Adam Reeves — Mon, 11 May 2026 04:00:00 GMT

On May 5, 2026, Broadcom announced VMware Cloud Foundation (VCF) 9.1, spanning infrastructure efficiency, application delivery, and cyber resilience with a specific focus on private AI workloads. The release converts a set of forward-looking commitments made at VMware Explore 2025 into delivered capabilities and demonstrates Broadcom's continued investment in the VCF platform.

CIO Peer Perspective — IT Market Outlook and Leadership in Uncertain Times

Teodora Snoddy, Rick Villars — Mon, 11 May 2026 04:00:00 GMT

This IDC Perspective discusses the CIO peer perspective on IT market outlook and leadership in uncertain times. This year, economic consequences from policy decisions are materializing, and geopolitical consequences are unfolding amid tension from unpredictable world leaders. C-suite executives are leaning on their CIO and technology teams to navigate uncertainty, using technology to enable strategic decision-making and sustain operational resilience.

To assess the impact and what comes next, we brought together IDC's latest data with insights from Chief Analyst Rick Villars, alongside our CIO Research Advisory board, to examine the implications for IT organizations.

"Much of the CEO's success this year will be driven by the CIO's ability to execute. Amid geopolitical, economic, and technological disruption, CIOs must continue to lead AI beyond experimentation to drive measurable business impact while continuously managing resilient operations. " — Teodora Snoddy, research manager, IDC

Reflections on RSAC 2026: The AI Foundation Sets While Legacy Challenges Promise Future Cracks

Christopher Rodriguez — Mon, 11 May 2026 04:00:00 GMT

This IDC Perspective provides a retrospective analysis of the most pertinent application security topics and key takeaways from the RSA Conference. AI dominated RSA Conference 2026 narratives, but the real story is the gap between ambition and readiness and between risk and reward. Most organizations are building AI-powered applications but look to security providers to provide assurance. While a litany of dedicated AI-security solutions has emerged, and some AI companies have made marketable concessions, real gaps remain.

"In the era of AI cyberweapons and manifestos, security is the true indicator for AI readiness," said Christopher Rodriguez, research director, IDC Security and Trust. "Beyond simple adoption of LLMs to protect other LLMs, security providers may have to explore beyond familiar boundaries to find new sources of intelligence as part of their bigger mission to defend against exploit, theft, fraud, and abuse."

SUSECON 2026 Highlights: Geeko Goes AI and Sovereign

Ashish Nadkarni, Shahin Hashim, Gary Chen, Max Pepper — Mon, 11 May 2026 04:00:00 GMT

SUSE is a company on a mission. It is making a concerted attempt to shift from a (Linux-centric) platform vendor to a full-stack open source infrastructure company. SUSE's announcements reflect timely attention to three converging enterprise pressures: enterprise AI deployment, regulatory and geopolitical complexity, and VMware licensing.

"With quite a few strategic bets in place, SUSE could quickly catapult ahead of its competition in terms of a strategic partners to enterprises that are focused on embracing modern, hybrid cloud, and AI-ready infrastructure," says Ashish Nadkarni, GVP/GM, Enterprise Infrastructure, IDC.

The Data Scientist in the AI Era: Opportunity Knocks

Stanley B. Gibson — Mon, 11 May 2026 04:00:00 GMT

This IDC Perspective looks at the role of data scientist in the AI era. A decade and more ago, the emergence of big data shined a spotlight on data scientists whose expertise in understanding statistics and probability was critical in extracting predictive analytics insights. Much has changed since then. AI is now center stage, while big data insights have become more readily accessible thanks to the emergence of data lakehouses. Contrary to predictions of the demise of the data scientists, there are plenty of data scientists currently hard at work and data science jobs are growing faster than other jobs across the economy. Data scientists who embrace AI will fuel this growth. Their understanding of data, and their statistical and probability skills, are vital to the creation and evaluation of AI models.

"Data scientists not only remain relevant but are extremely important in the age of AI. Their knowledge of statistics and probability makes them indispensable. And data scientists are uniquely qualified to fill the role of HITL, diligently applying their knowledge to ensure that AI realizes its often astonishing potential," says Stanley B. Gibson, adjunct research advisor for IDC's Executive Programs (IEP).

Workiva Delivers Strong 1Q26 Results, Approaches $1 Billion ARR Milestone

Philip D. Harris, CISSP, CCSK — Mon, 11 May 2026 04:00:00 GMT

Workiva's 1Q26 results — highlighted by 21% subscription revenue growth, 20% total revenue growth, 97% gross retention, and 112% net retention — approach $1 billion in ARR, signaling clear category leadership in integrated governance, risk, and compliance (GRC) and financial reporting. The launch of its AI-powered audit, risk, and controls platform reinforces a decisive market shift toward platform consolidation, positioning Workiva as a mission-critical enterprise infrastructure. However, growing competitive pressure from incumbent technology players such as SAP and ServiceNow poses a significant challenge, requiring Workiva to sustain differentiation through domain expertise and continuous AI innovation.