Many CIOs Looking To Solution Providers For Help Navigating GenAI, Security Challenges: Panel

Top priorities in the midmarket for 2024 include mitigating risks from usage of GenAI and intensifying cyberthreats, according to two senior IT leaders.

As midmarket CIOs continue to face massive risks from generative AI usage and the intensifying cyberthreat environment, there are major opportunities for IT solution and service providers to assist with the challenges, according to two senior IT leaders.

During a panel Tuesday at XChange March 2024, the two midmarket IT leaders expressed many commonalities despite being in very different segments, particularly when it comes to the use of GenAI among employees.

In the wake of the debut of OpenAI’s ChatGPT in late 2022, the Office of District Attorney for the City and County of San Francisco initially had a “no AI” policy for staff, according to Herman Brown, CIO of the office. However, Brown (pictured center) said he recently authored a policy around GenAI to ensure there are some security parameters around the use of the technology.

“There's no way to actually prevent people from using AI,” he said during the session at XChange, which was hosted by CRN parent The Channel Company this week in Orlando, Fla. “We know staff members are using it.”

At Richland, Wash.-based Gesa Credit Union, the organization has similarly recognized that it can’t ban the use of AI outright because, for instance, “we use Salesforce,” said Michael Chunn, assistant vice president of infrastructure and operations at the credit union.

“We can't say we're not going to use AI because it's already out there,” Chunn (pictured right) said. “You just have to be careful.”

While ChatGPT is blocked by the organization, the credit union is exploring the possibility of implementing Microsoft Copilot for Microsoft 365, the tech giant’s fast-growing GenAI tool, to help with tasks such as capturing meeting notes, according to Chunn.

Both CIOs also highlighted the struggles they often face when it comes to procuring new technologies, including in cases where a solution provider partner is not upfront about the full extent of the project.

“There's nothing worse than having a solution partner come out and say, 'Yes, we can do that for you’ — and then you start down that path [and find out] there's additional work and there's additional funding that needs to occur to be able to support that,” Brown said.

The comments during the session underscored the fact that even though a district attorney's office and a credit union may seem to be very different organizations, “they have similar problems” when it comes to IT and security, said Brian Gagnon, CTO at Uprise Partners, a Portland, Maine-based MSP.

The issues around procuring new technologies can be especially difficult for midmarket organizations amid constant cyberattacks and the rapid pace of change on many fronts, Gagnon said.

Ultimately, “they're trying to move faster. And it's hard,” he said.

Bigger Budgets, Focus On Security

On the plus side, half of midmarket organizations do report that they have larger IT budgets for 2024, with a particular focus on increased spending on security and automation, said Adam Dennison (pictured left), vice president of Midsize Enterprise Services at The Channel Company, during the session Tuesday.

According to a recent survey of 130 senior U.S. IT leaders by MES Computing, 68 percent said that security is their biggest priority and 52 percent expect to increase spending on security infrastructure this year.

Meanwhile, cybersecurity and incident management was the top automation project reported in the survey. And when it comes to automation projects, 30 percent of those surveyed are expecting to partner with a solution provider.

The fact that so many organizations are investing in automation for security shows that, at least for now, GenAI is not the primary type of automation that midmarket organizations are focusing on, according to Uprise Partners’ Gagnon.

The type of automation that powers most cybersecurity products today, such as detection tools, “has been around a long time, because it's absolutely necessary,” he said.

Put another way, if shopping for AI was like buying groceries at the store, OpenAI is like the prepared foods section, Gagnon said — nice to have but not essential. The AI-driven automation that has long been used in security tools, on the other hand, is the “milk, bread and eggs,” he said.

Evaluating New Tools

In terms of evaluating new technologies, Brown said the San Francisco district attorney’s office looks at certain products, such as endpoint protection, on an annual basis.

For that critical category of security, “we’re always looking to see whether or not there's a new product, or tool or service, or a better solution out there to switch to,” he said.

Given the intense threats facing Gesa Credit Union, meanwhile, “we’re evaluating technologies weekly, monthly, daily,” Chunn said. “It changes every day [in terms of] the amount of stuff that we have to protect our employees and our members against.”