Enterprise IT has adopted AI-assisted tools at an uneven pace across the four functional areas. The adoption unevenness reflects a genuine difference in the maturity of AI applications across contexts — some IT functions have clear, measurable AI use cases with documented productivity gains, while others have AI vendor claims that have not translated to operational reality at the scale most enterprises require.

The honest assessment of where AI is saving time in enterprise IT is narrow but real: specific use cases within IT support, security operations, and software development assistance have demonstrated consistent productivity gains. The broader claims — AI transformation of IT operations across all functions — remain future-oriented rather than present-tense.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

The security vendor community has done something impressive with the Zero Trust concept: it has taken a principled architectural framework that requires organizational discipline, policy definition, and sustained implementation effort, and repackaged it as a product category that can be purchased and deployed. The repackaging is commercially effective. It is also misleading in a way that causes organizations to believe they have implemented Zero Trust when they have purchased a tool.

Hardware asset management — knowing what physical devices the organization owns, where they are, who has them, what software is installed on them, and when they need to be refreshed or retired — is foundational to almost every other IT function. Security teams need accurate asset inventory to understand their attack surface. Support teams need device configuration data to resolve issues efficiently. Finance teams need asset records for depreciation and insurance. Procurement teams need lifecycle data to plan refresh cycles.

Phishing has been the leading initial access vector for enterprise breaches for over a decade. Security awareness training — the annual compliance exercise that organizations deploy to satisfy auditors and reduce cyber insurance premiums — has been the dominant organizational response for the same period. The training has not significantly reduced phishing click rates in most organizations. The reasons are structural, not motivational, and the solutions require technical controls rather than behavioral ones.

Ransomware preparation is the security investment that organizations discover the quality of during the worst possible moment. The backup strategy that was designed but not tested reveals its gaps when the organization needs to restore from it. The incident response plan that was written but not rehearsed reveals its gaps when the team is trying to execute it under pressure. The cyber insurance policy that was procured but not fully read reveals its requirements when the claim is filed.

Bring Your Own Device policies were adopted by enterprise IT organizations under pressure from employees and leadership who wanted to use their personal devices for work and did not want to carry two phones. The policies were designed hastily, implemented with tools that were not ready for the management requirements they needed to meet, and left in place with minimal review as the security landscape changed around them. The result is a policy category that most IT security professionals acknowledge as a significant exposure and most organizations decline to address because addressing it requires telling employees they cannot use their personal devices for work.

The IT budget allocation problem is structural, not mathematical. Organizations that spend the right total amount on IT frequently allocate it incorrectly across the four functional areas — run the business, grow the business, transform the business, and maintain the infrastructure that enables all three — producing technology environments that are simultaneously overspent in some areas and critically underfunded in others.

The allocation pattern that is most common and most damaging is heavy spending on new software and technology initiatives with insufficient investment in the support, security, and infrastructure maintenance that determines whether those investments function reliably. An organization that spends aggressively on digital transformation while deferring network infrastructure refresh, understaffing the helpdesk, and running security with inadequate tooling has not made a strategic trade-off. It has made an accounting error that looks like a strategic choice.

Low-code and no-code platforms arrived with a promise that has been partially delivered and significantly oversold: that business users without programming backgrounds could build the software applications they needed without depending on IT development teams. The partially-delivered part is real. Workflow automation tools like Power Automate, Zapier, and Make have genuinely enabled business users to build integrations and automations that previously required developer time. The oversold part is the claim that this capability extends to applications of arbitrary complexity.

The cloud versus on-premises debate has settled into a more nuanced position than its early framing suggested. The argument that all workloads should move to cloud and that on-premises infrastructure would become obsolete was oversimplified. The organizations that moved all workloads to cloud and discovered that certain workload categories are more expensive to run in cloud than on-premises have been quietly repatriating those workloads for several years.

The current reality is a hybrid infrastructure landscape where the economic decision about where to run a workload depends on its specific characteristics — compute intensity, data volume, access patterns, regulatory requirements, and predictability — rather than on a blanket preference for either delivery model. Server hardware investment in this context requires the same rigor as any capital investment: a specific business case for the specific workloads that the hardware will run.

The average organization with 500 to 1,000 employees is running between 100 and 200 SaaS applications. A fraction of those are managed by IT. The rest were procured by individual departments, teams, and employees using corporate credit cards, expense reports, and in some cases personal cards that get reimbursed. The finance team knows about the ones with purchase orders. The IT team knows about the ones that went through the security review queue. Nobody knows about all of them.

Vulnerability management programs have a dirty secret that annual security assessments and compliance audits politely decline to examine: the remediation backlog. Organizations that have deployed vulnerability scanners — Tenable, Qualys, Rapid7 — know their vulnerability count precisely. Most of them have more open vulnerabilities than they will remediate in the coming year. Many have more open vulnerabilities than they will remediate in the next three years at their current remediation pace.

The cloud versus on-premises debate has settled into a more nuanced position than its early framing suggested. The argument that all workloads should move to cloud and that on-premises infrastructure would become obsolete was oversimplified. The organizations that moved all workloads to cloud and discovered that certain workload categories are more expensive to run in cloud than on-premises have been quietly repatriating those workloads for several years.

The current reality is a hybrid infrastructure landscape where the economic decision about where to run a workload depends on its specific characteristics — compute intensity, data volume, access patterns, regulatory requirements, and predictability — rather than on a blanket preference for either delivery model. Server hardware investment in this context requires the same rigor as any capital investment: a specific business case for the specific workloads that the hardware will run.

Network infrastructure occupies an unusual position in enterprise IT budget conversations. It is essential — nothing in the technology stack works without it — and invisible when functioning correctly. The invisibility is the problem. Network hardware that is approaching or past its end-of-support date, running firmware that has not been updated in years, and operating at utilization levels for which it was not designed accumulates risk silently. The incident that reveals the accumulation is not gradual. It is sudden.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

Low-code and no-code platforms arrived with a promise that has been partially delivered and significantly oversold: that business users without programming backgrounds could build the software applications they needed without depending on IT development teams. The partially-delivered part is real. Workflow automation tools like Power Automate, Zapier, and Make have genuinely enabled business users to build integrations and automations that previously required developer time. The oversold part is the claim that this capability extends to applications of arbitrary complexity.

Endpoint Detection and Response platforms replaced antivirus as the dominant endpoint security technology on the basis that signature-based detection could not keep pace with the volume and variety of modern malware. The replacement was justified. EDR’s behavioral detection, continuous telemetry, and forensic capability represent a genuine improvement over signature-based antivirus in detecting and investigating endpoint threats.

The marketing that followed — the promise of comprehensive endpoint security that would significantly reduce breach frequency and impact — overstated what the technology can deliver. EDR is better than what it replaced. It is not the endpoint security solution. Endpoints continue to be compromised at scale in organizations running mature EDR deployments because the threats that matter most have adapted to operate within the behavioral envelope that EDR considers legitimate.

Phishing has been the leading initial access vector for enterprise breaches for over a decade. Security awareness training — the annual compliance exercise that organizations deploy to satisfy auditors and reduce cyber insurance premiums — has been the dominant organizational response for the same period. The training has not significantly reduced phishing click rates in most organizations. The reasons are structural, not motivational, and the solutions require technical controls rather than behavioral ones.

The self-service IT portal is one of enterprise IT’s most persistent good ideas with consistently poor implementation. The idea is sound: employees who can resolve their own IT issues without contacting the helpdesk reduce the support burden, resolve their issues faster, and build a level of IT self-sufficiency that benefits the organization. The implementation failure is that self-service portals are almost universally designed to make it easy for IT to publish content rather than easy for employees to find solutions to their problems.

Endpoint Detection and Response platforms replaced antivirus as the dominant endpoint security technology on the basis that signature-based detection could not keep pace with the volume and variety of modern malware. The replacement was justified. EDR’s behavioral detection, continuous telemetry, and forensic capability represent a genuine improvement over signature-based antivirus in detecting and investigating endpoint threats.

The marketing that followed — the promise of comprehensive endpoint security that would significantly reduce breach frequency and impact — overstated what the technology can deliver. EDR is better than what it replaced. It is not the endpoint security solution. Endpoints continue to be compromised at scale in organizations running mature EDR deployments because the threats that matter most have adapted to operate within the behavioral envelope that EDR considers legitimate.

Bring Your Own Device policies were adopted by enterprise IT organizations under pressure from employees and leadership who wanted to use their personal devices for work and did not want to carry two phones. The policies were designed hastily, implemented with tools that were not ready for the management requirements they needed to meet, and left in place with minimal review as the security landscape changed around them. The result is a policy category that most IT security professionals acknowledge as a significant exposure and most organizations decline to address because addressing it requires telling employees they cannot use their personal devices for work.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

The four-year PC refresh cycle that became standard in enterprise IT during the 2010s was a budget optimization made under specific conditions: hardware improvements were incremental, Windows 7 was stable, and the marginal productivity gain from newer hardware was not large enough to justify more frequent refresh. Those conditions no longer hold. The PC refresh cycle at many organizations has stretched to five, six, and in some cases seven years without a corresponding assessment of whether the extended cycle is actually saving money.

Enterprise software procurement moves at a pace that the software it is trying to purchase has long since left behind. The average procurement cycle for a mid-market enterprise software purchase — from initial vendor identification to signed contract — runs between four and nine months. The software category the procurement team is evaluating will have shipped multiple major releases during that period. The requirements documentation that anchored the evaluation will have drifted from what the business actually needs. The vendor selected may have been acquired.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Hardware asset management — knowing what physical devices the organization owns, where they are, who has them, what software is installed on them, and when they need to be refreshed or retired — is foundational to almost every other IT function. Security teams need accurate asset inventory to understand their attack surface. Support teams need device configuration data to resolve issues efficiently. Finance teams need asset records for depreciation and insurance. Procurement teams need lifecycle data to plan refresh cycles.

The cloud versus on-premises debate has settled into a more nuanced position than its early framing suggested. The argument that all workloads should move to cloud and that on-premises infrastructure would become obsolete was oversimplified. The organizations that moved all workloads to cloud and discovered that certain workload categories are more expensive to run in cloud than on-premises have been quietly repatriating those workloads for several years.

The current reality is a hybrid infrastructure landscape where the economic decision about where to run a workload depends on its specific characteristics — compute intensity, data volume, access patterns, regulatory requirements, and predictability — rather than on a blanket preference for either delivery model. Server hardware investment in this context requires the same rigor as any capital investment: a specific business case for the specific workloads that the hardware will run.

The IT budget allocation problem is structural, not mathematical. Organizations that spend the right total amount on IT frequently allocate it incorrectly across the four functional areas — run the business, grow the business, transform the business, and maintain the infrastructure that enables all three — producing technology environments that are simultaneously overspent in some areas and critically underfunded in others.

The allocation pattern that is most common and most damaging is heavy spending on new software and technology initiatives with insufficient investment in the support, security, and infrastructure maintenance that determines whether those investments function reliably. An organization that spends aggressively on digital transformation while deferring network infrastructure refresh, understaffing the helpdesk, and running security with inadequate tooling has not made a strategic trade-off. It has made an accounting error that looks like a strategic choice.

Bring Your Own Device policies were adopted by enterprise IT organizations under pressure from employees and leadership who wanted to use their personal devices for work and did not want to carry two phones. The policies were designed hastily, implemented with tools that were not ready for the management requirements they needed to meet, and left in place with minimal review as the security landscape changed around them. The result is a policy category that most IT security professionals acknowledge as a significant exposure and most organizations decline to address because addressing it requires telling employees they cannot use their personal devices for work.

Network infrastructure occupies an unusual position in enterprise IT budget conversations. It is essential — nothing in the technology stack works without it — and invisible when functioning correctly. The invisibility is the problem. Network hardware that is approaching or past its end-of-support date, running firmware that has not been updated in years, and operating at utilization levels for which it was not designed accumulates risk silently. The incident that reveals the accumulation is not gradual. It is sudden.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

The four-year PC refresh cycle that became standard in enterprise IT during the 2010s was a budget optimization made under specific conditions: hardware improvements were incremental, Windows 7 was stable, and the marginal productivity gain from newer hardware was not large enough to justify more frequent refresh. Those conditions no longer hold. The PC refresh cycle at many organizations has stretched to five, six, and in some cases seven years without a corresponding assessment of whether the extended cycle is actually saving money.

The IT support model that existed before 2020 was built around physical proximity. The helpdesk sat in the office building. Employees who needed support walked to the helpdesk or the helpdesk walked to the employee. Hardware issues were resolved by hand. The model had inefficiencies — the helpdesk was idle when nobody needed support, and wait times were unpredictable — but it had a ceiling on support complexity that physical access naturally enforced.

Every IT organization with a persistent ticket backlog treats the backlog as the problem and measures progress by reducing it. This is the wrong frame. A ticket backlog is the visible manifestation of a supply-demand imbalance in IT support capacity — the result of a problem, not the problem itself. Treating the backlog as the target produces solutions that attack the symptom: hiring more helpdesk staff, implementing triage automation to move tickets faster, setting SLA targets that create pressure to close tickets quickly. None of these address why the tickets were created in the first place.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

The IT support model that existed before 2020 was built around physical proximity. The helpdesk sat in the office building. Employees who needed support walked to the helpdesk or the helpdesk walked to the employee. Hardware issues were resolved by hand. The model had inefficiencies — the helpdesk was idle when nobody needed support, and wait times were unpredictable — but it had a ceiling on support complexity that physical access naturally enforced.

The security vendor community has done something impressive with the Zero Trust concept: it has taken a principled architectural framework that requires organizational discipline, policy definition, and sustained implementation effort, and repackaged it as a product category that can be purchased and deployed. The repackaging is commercially effective. It is also misleading in a way that causes organizations to believe they have implemented Zero Trust when they have purchased a tool.

Ransomware preparation is the security investment that organizations discover the quality of during the worst possible moment. The backup strategy that was designed but not tested reveals its gaps when the organization needs to restore from it. The incident response plan that was written but not rehearsed reveals its gaps when the team is trying to execute it under pressure. The cyber insurance policy that was procured but not fully read reveals its requirements when the claim is filed.

Endpoint Detection and Response platforms replaced antivirus as the dominant endpoint security technology on the basis that signature-based detection could not keep pace with the volume and variety of modern malware. The replacement was justified. EDR’s behavioral detection, continuous telemetry, and forensic capability represent a genuine improvement over signature-based antivirus in detecting and investigating endpoint threats.

The marketing that followed — the promise of comprehensive endpoint security that would significantly reduce breach frequency and impact — overstated what the technology can deliver. EDR is better than what it replaced. It is not the endpoint security solution. Endpoints continue to be compromised at scale in organizations running mature EDR deployments because the threats that matter most have adapted to operate within the behavioral envelope that EDR considers legitimate.

Network infrastructure occupies an unusual position in enterprise IT budget conversations. It is essential — nothing in the technology stack works without it — and invisible when functioning correctly. The invisibility is the problem. Network hardware that is approaching or past its end-of-support date, running firmware that has not been updated in years, and operating at utilization levels for which it was not designed accumulates risk silently. The incident that reveals the accumulation is not gradual. It is sudden.

Hardware asset management — knowing what physical devices the organization owns, where they are, who has them, what software is installed on them, and when they need to be refreshed or retired — is foundational to almost every other IT function. Security teams need accurate asset inventory to understand their attack surface. Support teams need device configuration data to resolve issues efficiently. Finance teams need asset records for depreciation and insurance. Procurement teams need lifecycle data to plan refresh cycles.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Enterprise IT has adopted AI-assisted tools at an uneven pace across the four functional areas. The adoption unevenness reflects a genuine difference in the maturity of AI applications across contexts — some IT functions have clear, measurable AI use cases with documented productivity gains, while others have AI vendor claims that have not translated to operational reality at the scale most enterprises require.

The honest assessment of where AI is saving time in enterprise IT is narrow but real: specific use cases within IT support, security operations, and software development assistance have demonstrated consistent productivity gains. The broader claims — AI transformation of IT operations across all functions — remain future-oriented rather than present-tense.

The IT budget allocation problem is structural, not mathematical. Organizations that spend the right total amount on IT frequently allocate it incorrectly across the four functional areas — run the business, grow the business, transform the business, and maintain the infrastructure that enables all three — producing technology environments that are simultaneously overspent in some areas and critically underfunded in others.

The allocation pattern that is most common and most damaging is heavy spending on new software and technology initiatives with insufficient investment in the support, security, and infrastructure maintenance that determines whether those investments function reliably. An organization that spends aggressively on digital transformation while deferring network infrastructure refresh, understaffing the helpdesk, and running security with inadequate tooling has not made a strategic trade-off. It has made an accounting error that looks like a strategic choice.

The four-year PC refresh cycle that became standard in enterprise IT during the 2010s was a budget optimization made under specific conditions: hardware improvements were incremental, Windows 7 was stable, and the marginal productivity gain from newer hardware was not large enough to justify more frequent refresh. Those conditions no longer hold. The PC refresh cycle at many organizations has stretched to five, six, and in some cases seven years without a corresponding assessment of whether the extended cycle is actually saving money.

Every IT organization with a persistent ticket backlog treats the backlog as the problem and measures progress by reducing it. This is the wrong frame. A ticket backlog is the visible manifestation of a supply-demand imbalance in IT support capacity — the result of a problem, not the problem itself. Treating the backlog as the target produces solutions that attack the symptom: hiring more helpdesk staff, implementing triage automation to move tickets faster, setting SLA targets that create pressure to close tickets quickly. None of these address why the tickets were created in the first place.

The IT support model that existed before 2020 was built around physical proximity. The helpdesk sat in the office building. Employees who needed support walked to the helpdesk or the helpdesk walked to the employee. Hardware issues were resolved by hand. The model had inefficiencies — the helpdesk was idle when nobody needed support, and wait times were unpredictable — but it had a ceiling on support complexity that physical access naturally enforced.

Hardware asset management — knowing what physical devices the organization owns, where they are, who has them, what software is installed on them, and when they need to be refreshed or retired — is foundational to almost every other IT function. Security teams need accurate asset inventory to understand their attack surface. Support teams need device configuration data to resolve issues efficiently. Finance teams need asset records for depreciation and insurance. Procurement teams need lifecycle data to plan refresh cycles.

The self-service IT portal is one of enterprise IT’s most persistent good ideas with consistently poor implementation. The idea is sound: employees who can resolve their own IT issues without contacting the helpdesk reduce the support burden, resolve their issues faster, and build a level of IT self-sufficiency that benefits the organization. The implementation failure is that self-service portals are almost universally designed to make it easy for IT to publish content rather than easy for employees to find solutions to their problems.

Every IT organization with a persistent ticket backlog treats the backlog as the problem and measures progress by reducing it. This is the wrong frame. A ticket backlog is the visible manifestation of a supply-demand imbalance in IT support capacity — the result of a problem, not the problem itself. Treating the backlog as the target produces solutions that attack the symptom: hiring more helpdesk staff, implementing triage automation to move tickets faster, setting SLA targets that create pressure to close tickets quickly. None of these address why the tickets were created in the first place.

The self-service IT portal is one of enterprise IT’s most persistent good ideas with consistently poor implementation. The idea is sound: employees who can resolve their own IT issues without contacting the helpdesk reduce the support burden, resolve their issues faster, and build a level of IT self-sufficiency that benefits the organization. The implementation failure is that self-service portals are almost universally designed to make it easy for IT to publish content rather than easy for employees to find solutions to their problems.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

The four-year PC refresh cycle that became standard in enterprise IT during the 2010s was a budget optimization made under specific conditions: hardware improvements were incremental, Windows 7 was stable, and the marginal productivity gain from newer hardware was not large enough to justify more frequent refresh. Those conditions no longer hold. The PC refresh cycle at many organizations has stretched to five, six, and in some cases seven years without a corresponding assessment of whether the extended cycle is actually saving money.

Every enterprise IT organization is running software it should have replaced years ago. The system is old enough that the vendor who originally built it may no longer exist. The employees who know how it works are approaching retirement or have already left. The documentation, if it ever existed, is incomplete or missing. The integration with everything else in the technology stack was built on assumptions that have since changed. The system runs critical business processes that the organization cannot operate without.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

Hardware asset management — knowing what physical devices the organization owns, where they are, who has them, what software is installed on them, and when they need to be refreshed or retired — is foundational to almost every other IT function. Security teams need accurate asset inventory to understand their attack surface. Support teams need device configuration data to resolve issues efficiently. Finance teams need asset records for depreciation and insurance. Procurement teams need lifecycle data to plan refresh cycles.

Low-code and no-code platforms arrived with a promise that has been partially delivered and significantly oversold: that business users without programming backgrounds could build the software applications they needed without depending on IT development teams. The partially-delivered part is real. Workflow automation tools like Power Automate, Zapier, and Make have genuinely enabled business users to build integrations and automations that previously required developer time. The oversold part is the claim that this capability extends to applications of arbitrary complexity.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Endpoint Detection and Response platforms replaced antivirus as the dominant endpoint security technology on the basis that signature-based detection could not keep pace with the volume and variety of modern malware. The replacement was justified. EDR’s behavioral detection, continuous telemetry, and forensic capability represent a genuine improvement over signature-based antivirus in detecting and investigating endpoint threats.

The marketing that followed — the promise of comprehensive endpoint security that would significantly reduce breach frequency and impact — overstated what the technology can deliver. EDR is better than what it replaced. It is not the endpoint security solution. Endpoints continue to be compromised at scale in organizations running mature EDR deployments because the threats that matter most have adapted to operate within the behavioral envelope that EDR considers legitimate.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Every enterprise IT organization is running software it should have replaced years ago. The system is old enough that the vendor who originally built it may no longer exist. The employees who know how it works are approaching retirement or have already left. The documentation, if it ever existed, is incomplete or missing. The integration with everything else in the technology stack was built on assumptions that have since changed. The system runs critical business processes that the organization cannot operate without.

Bring Your Own Device policies were adopted by enterprise IT organizations under pressure from employees and leadership who wanted to use their personal devices for work and did not want to carry two phones. The policies were designed hastily, implemented with tools that were not ready for the management requirements they needed to meet, and left in place with minimal review as the security landscape changed around them. The result is a policy category that most IT security professionals acknowledge as a significant exposure and most organizations decline to address because addressing it requires telling employees they cannot use their personal devices for work.

Kyndryl (NYSE: KD) has been recognized as a Leader in three categories of the 2026 ISG Provider Lens™ Mainframes — Services and Solutions Report: Mainframe Technology Consulting, Mainframe as a Service (MFaaS), and Application Modernization Services. The triple recognition from ISG, an independent technology research and advisory firm, positions Kyndryl among the top-tier providers supporting enterprises running mission-critical mainframe workloads through a period of compounding modernization pressure.

In the Mainframe Technology Consulting quadrant, ISG cited Kyndryl’s strategy and assessment-led methodology, its targeted infrastructure optimization approach, and its hybrid cloud integration focus. The report highlighted the role of Kyndryl Bridge and agentic AI-enabled automated discovery in delivering operational insights across discrete engagements and multi-year transformation programs alike. For MFaaS, ISG noted Kyndryl’s large global outsourcing footprint and the breadth of its consumption models, which range from customer-owned environments to shared platforms including zCloud and C4i, alongside continued investment in AI-driven autonomy and observability. In Application Modernization Services, ISG recognized the company’s end-to-end approach spanning structured assessments, iterative implementation, and hyperscaler alliances, again underpinned by Kyndryl Bridge and its governance and agentic AI capabilities.

Every enterprise IT organization is running software it should have replaced years ago. The system is old enough that the vendor who originally built it may no longer exist. The employees who know how it works are approaching retirement or have already left. The documentation, if it ever existed, is incomplete or missing. The integration with everything else in the technology stack was built on assumptions that have since changed. The system runs critical business processes that the organization cannot operate without.

Network infrastructure occupies an unusual position in enterprise IT budget conversations. It is essential — nothing in the technology stack works without it — and invisible when functioning correctly. The invisibility is the problem. Network hardware that is approaching or past its end-of-support date, running firmware that has not been updated in years, and operating at utilization levels for which it was not designed accumulates risk silently. The incident that reveals the accumulation is not gradual. It is sudden.

The security vendor community has done something impressive with the Zero Trust concept: it has taken a principled architectural framework that requires organizational discipline, policy definition, and sustained implementation effort, and repackaged it as a product category that can be purchased and deployed. The repackaging is commercially effective. It is also misleading in a way that causes organizations to believe they have implemented Zero Trust when they have purchased a tool.

Low-code and no-code platforms arrived with a promise that has been partially delivered and significantly oversold: that business users without programming backgrounds could build the software applications they needed without depending on IT development teams. The partially-delivered part is real. Workflow automation tools like Power Automate, Zapier, and Make have genuinely enabled business users to build integrations and automations that previously required developer time. The oversold part is the claim that this capability extends to applications of arbitrary complexity.

The cloud versus on-premises debate has settled into a more nuanced position than its early framing suggested. The argument that all workloads should move to cloud and that on-premises infrastructure would become obsolete was oversimplified. The organizations that moved all workloads to cloud and discovered that certain workload categories are more expensive to run in cloud than on-premises have been quietly repatriating those workloads for several years.

The current reality is a hybrid infrastructure landscape where the economic decision about where to run a workload depends on its specific characteristics — compute intensity, data volume, access patterns, regulatory requirements, and predictability — rather than on a blanket preference for either delivery model. Server hardware investment in this context requires the same rigor as any capital investment: a specific business case for the specific workloads that the hardware will run.

Vulnerability management programs have a dirty secret that annual security assessments and compliance audits politely decline to examine: the remediation backlog. Organizations that have deployed vulnerability scanners — Tenable, Qualys, Rapid7 — know their vulnerability count precisely. Most of them have more open vulnerabilities than they will remediate in the coming year. Many have more open vulnerabilities than they will remediate in the next three years at their current remediation pace.

The four-year PC refresh cycle that became standard in enterprise IT during the 2010s was a budget optimization made under specific conditions: hardware improvements were incremental, Windows 7 was stable, and the marginal productivity gain from newer hardware was not large enough to justify more frequent refresh. Those conditions no longer hold. The PC refresh cycle at many organizations has stretched to five, six, and in some cases seven years without a corresponding assessment of whether the extended cycle is actually saving money.

Phishing has been the leading initial access vector for enterprise breaches for over a decade. Security awareness training — the annual compliance exercise that organizations deploy to satisfy auditors and reduce cyber insurance premiums — has been the dominant organizational response for the same period. The training has not significantly reduced phishing click rates in most organizations. The reasons are structural, not motivational, and the solutions require technical controls rather than behavioral ones.

Bring Your Own Device policies were adopted by enterprise IT organizations under pressure from employees and leadership who wanted to use their personal devices for work and did not want to carry two phones. The policies were designed hastily, implemented with tools that were not ready for the management requirements they needed to meet, and left in place with minimal review as the security landscape changed around them. The result is a policy category that most IT security professionals acknowledge as a significant exposure and most organizations decline to address because addressing it requires telling employees they cannot use their personal devices for work.

Corporate laptop procurement has not kept pace with the changes in how knowledge workers use their devices. The procurement criteria that dominated enterprise laptop purchasing for the past fifteen years — Windows compatibility, Intel processor, specific RAM and storage tiers, corporate image support — are still driving purchasing decisions in organizations where the actual requirements have shifted materially. The mismatch produces laptops that are enterprise-manageable but mediocre for the work employees actually do.

Enterprise software procurement moves at a pace that the software it is trying to purchase has long since left behind. The average procurement cycle for a mid-market enterprise software purchase — from initial vendor identification to signed contract — runs between four and nine months. The software category the procurement team is evaluating will have shipped multiple major releases during that period. The requirements documentation that anchored the evaluation will have drifted from what the business actually needs. The vendor selected may have been acquired.

Enterprise IT has adopted AI-assisted tools at an uneven pace across the four functional areas. The adoption unevenness reflects a genuine difference in the maturity of AI applications across contexts — some IT functions have clear, measurable AI use cases with documented productivity gains, while others have AI vendor claims that have not translated to operational reality at the scale most enterprises require.

The honest assessment of where AI is saving time in enterprise IT is narrow but real: specific use cases within IT support, security operations, and software development assistance have demonstrated consistent productivity gains. The broader claims — AI transformation of IT operations across all functions — remain future-oriented rather than present-tense.

Ransomware preparation is the security investment that organizations discover the quality of during the worst possible moment. The backup strategy that was designed but not tested reveals its gaps when the organization needs to restore from it. The incident response plan that was written but not rehearsed reveals its gaps when the team is trying to execute it under pressure. The cyber insurance policy that was procured but not fully read reveals its requirements when the claim is filed.

Ransomware preparation is the security investment that organizations discover the quality of during the worst possible moment. The backup strategy that was designed but not tested reveals its gaps when the organization needs to restore from it. The incident response plan that was written but not rehearsed reveals its gaps when the team is trying to execute it under pressure. The cyber insurance policy that was procured but not fully read reveals its requirements when the claim is filed.

The IT support model that existed before 2020 was built around physical proximity. The helpdesk sat in the office building. Employees who needed support walked to the helpdesk or the helpdesk walked to the employee. Hardware issues were resolved by hand. The model had inefficiencies — the helpdesk was idle when nobody needed support, and wait times were unpredictable — but it had a ceiling on support complexity that physical access naturally enforced.

Vulnerability management programs have a dirty secret that annual security assessments and compliance audits politely decline to examine: the remediation backlog. Organizations that have deployed vulnerability scanners — Tenable, Qualys, Rapid7 — know their vulnerability count precisely. Most of them have more open vulnerabilities than they will remediate in the coming year. Many have more open vulnerabilities than they will remediate in the next three years at their current remediation pace.

The cloud versus on-premises debate has settled into a more nuanced position than its early framing suggested. The argument that all workloads should move to cloud and that on-premises infrastructure would become obsolete was oversimplified. The organizations that moved all workloads to cloud and discovered that certain workload categories are more expensive to run in cloud than on-premises have been quietly repatriating those workloads for several years.

The current reality is a hybrid infrastructure landscape where the economic decision about where to run a workload depends on its specific characteristics — compute intensity, data volume, access patterns, regulatory requirements, and predictability — rather than on a blanket preference for either delivery model. Server hardware investment in this context requires the same rigor as any capital investment: a specific business case for the specific workloads that the hardware will run.

The average organization with 500 to 1,000 employees is running between 100 and 200 SaaS applications. A fraction of those are managed by IT. The rest were procured by individual departments, teams, and employees using corporate credit cards, expense reports, and in some cases personal cards that get reimbursed. The finance team knows about the ones with purchase orders. The IT team knows about the ones that went through the security review queue. Nobody knows about all of them.

Enterprise software procurement moves at a pace that the software it is trying to purchase has long since left behind. The average procurement cycle for a mid-market enterprise software purchase — from initial vendor identification to signed contract — runs between four and nine months. The software category the procurement team is evaluating will have shipped multiple major releases during that period. The requirements documentation that anchored the evaluation will have drifted from what the business actually needs. The vendor selected may have been acquired.

Vulnerability management programs have a dirty secret that annual security assessments and compliance audits politely decline to examine: the remediation backlog. Organizations that have deployed vulnerability scanners — Tenable, Qualys, Rapid7 — know their vulnerability count precisely. Most of them have more open vulnerabilities than they will remediate in the coming year. Many have more open vulnerabilities than they will remediate in the next three years at their current remediation pace.

Enterprise IT has adopted AI-assisted tools at an uneven pace across the four functional areas. The adoption unevenness reflects a genuine difference in the maturity of AI applications across contexts — some IT functions have clear, measurable AI use cases with documented productivity gains, while others have AI vendor claims that have not translated to operational reality at the scale most enterprises require.

The honest assessment of where AI is saving time in enterprise IT is narrow but real: specific use cases within IT support, security operations, and software development assistance have demonstrated consistent productivity gains. The broader claims — AI transformation of IT operations across all functions — remain future-oriented rather than present-tense.

The IT budget allocation problem is structural, not mathematical. Organizations that spend the right total amount on IT frequently allocate it incorrectly across the four functional areas — run the business, grow the business, transform the business, and maintain the infrastructure that enables all three — producing technology environments that are simultaneously overspent in some areas and critically underfunded in others.

The allocation pattern that is most common and most damaging is heavy spending on new software and technology initiatives with insufficient investment in the support, security, and infrastructure maintenance that determines whether those investments function reliably. An organization that spends aggressively on digital transformation while deferring network infrastructure refresh, understaffing the helpdesk, and running security with inadequate tooling has not made a strategic trade-off. It has made an accounting error that looks like a strategic choice.

Bring Your Own Device policies were adopted by enterprise IT organizations under pressure from employees and leadership who wanted to use their personal devices for work and did not want to carry two phones. The policies were designed hastily, implemented with tools that were not ready for the management requirements they needed to meet, and left in place with minimal review as the security landscape changed around them. The result is a policy category that most IT security professionals acknowledge as a significant exposure and most organizations decline to address because addressing it requires telling employees they cannot use their personal devices for work.

Ransomware preparation is the security investment that organizations discover the quality of during the worst possible moment. The backup strategy that was designed but not tested reveals its gaps when the organization needs to restore from it. The incident response plan that was written but not rehearsed reveals its gaps when the team is trying to execute it under pressure. The cyber insurance policy that was procured but not fully read reveals its requirements when the claim is filed.

Endpoint Detection and Response platforms replaced antivirus as the dominant endpoint security technology on the basis that signature-based detection could not keep pace with the volume and variety of modern malware. The replacement was justified. EDR’s behavioral detection, continuous telemetry, and forensic capability represent a genuine improvement over signature-based antivirus in detecting and investigating endpoint threats.

The marketing that followed — the promise of comprehensive endpoint security that would significantly reduce breach frequency and impact — overstated what the technology can deliver. EDR is better than what it replaced. It is not the endpoint security solution. Endpoints continue to be compromised at scale in organizations running mature EDR deployments because the threats that matter most have adapted to operate within the behavioral envelope that EDR considers legitimate.

Phishing has been the leading initial access vector for enterprise breaches for over a decade. Security awareness training — the annual compliance exercise that organizations deploy to satisfy auditors and reduce cyber insurance premiums — has been the dominant organizational response for the same period. The training has not significantly reduced phishing click rates in most organizations. The reasons are structural, not motivational, and the solutions require technical controls rather than behavioral ones.

The security vendor community has done something impressive with the Zero Trust concept: it has taken a principled architectural framework that requires organizational discipline, policy definition, and sustained implementation effort, and repackaged it as a product category that can be purchased and deployed. The repackaging is commercially effective. It is also misleading in a way that causes organizations to believe they have implemented Zero Trust when they have purchased a tool.

The self-service IT portal is one of enterprise IT’s most persistent good ideas with consistently poor implementation. The idea is sound: employees who can resolve their own IT issues without contacting the helpdesk reduce the support burden, resolve their issues faster, and build a level of IT self-sufficiency that benefits the organization. The implementation failure is that self-service portals are almost universally designed to make it easy for IT to publish content rather than easy for employees to find solutions to their problems.

The cloud versus on-premises debate has settled into a more nuanced position than its early framing suggested. The argument that all workloads should move to cloud and that on-premises infrastructure would become obsolete was oversimplified. The organizations that moved all workloads to cloud and discovered that certain workload categories are more expensive to run in cloud than on-premises have been quietly repatriating those workloads for several years.

The current reality is a hybrid infrastructure landscape where the economic decision about where to run a workload depends on its specific characteristics — compute intensity, data volume, access patterns, regulatory requirements, and predictability — rather than on a blanket preference for either delivery model. Server hardware investment in this context requires the same rigor as any capital investment: a specific business case for the specific workloads that the hardware will run.

The average organization with 500 to 1,000 employees is running between 100 and 200 SaaS applications. A fraction of those are managed by IT. The rest were procured by individual departments, teams, and employees using corporate credit cards, expense reports, and in some cases personal cards that get reimbursed. The finance team knows about the ones with purchase orders. The IT team knows about the ones that went through the security review queue. Nobody knows about all of them.

Phishing has been the leading initial access vector for enterprise breaches for over a decade. Security awareness training — the annual compliance exercise that organizations deploy to satisfy auditors and reduce cyber insurance premiums — has been the dominant organizational response for the same period. The training has not significantly reduced phishing click rates in most organizations. The reasons are structural, not motivational, and the solutions require technical controls rather than behavioral ones.

Low-code and no-code platforms arrived with a promise that has been partially delivered and significantly oversold: that business users without programming backgrounds could build the software applications they needed without depending on IT development teams. The partially-delivered part is real. Workflow automation tools like Power Automate, Zapier, and Make have genuinely enabled business users to build integrations and automations that previously required developer time. The oversold part is the claim that this capability extends to applications of arbitrary complexity.

Enterprise IT has adopted AI-assisted tools at an uneven pace across the four functional areas. The adoption unevenness reflects a genuine difference in the maturity of AI applications across contexts — some IT functions have clear, measurable AI use cases with documented productivity gains, while others have AI vendor claims that have not translated to operational reality at the scale most enterprises require.

The honest assessment of where AI is saving time in enterprise IT is narrow but real: specific use cases within IT support, security operations, and software development assistance have demonstrated consistent productivity gains. The broader claims — AI transformation of IT operations across all functions — remain future-oriented rather than present-tense.

The IT budget allocation problem is structural, not mathematical. Organizations that spend the right total amount on IT frequently allocate it incorrectly across the four functional areas — run the business, grow the business, transform the business, and maintain the infrastructure that enables all three — producing technology environments that are simultaneously overspent in some areas and critically underfunded in others.

The allocation pattern that is most common and most damaging is heavy spending on new software and technology initiatives with insufficient investment in the support, security, and infrastructure maintenance that determines whether those investments function reliably. An organization that spends aggressively on digital transformation while deferring network infrastructure refresh, understaffing the helpdesk, and running security with inadequate tooling has not made a strategic trade-off. It has made an accounting error that looks like a strategic choice.

Every enterprise IT organization is running software it should have replaced years ago. The system is old enough that the vendor who originally built it may no longer exist. The employees who know how it works are approaching retirement or have already left. The documentation, if it ever existed, is incomplete or missing. The integration with everything else in the technology stack was built on assumptions that have since changed. The system runs critical business processes that the organization cannot operate without.

The average organization with 500 to 1,000 employees is running between 100 and 200 SaaS applications. A fraction of those are managed by IT. The rest were procured by individual departments, teams, and employees using corporate credit cards, expense reports, and in some cases personal cards that get reimbursed. The finance team knows about the ones with purchase orders. The IT team knows about the ones that went through the security review queue. Nobody knows about all of them.

Enterprise software procurement moves at a pace that the software it is trying to purchase has long since left behind. The average procurement cycle for a mid-market enterprise software purchase — from initial vendor identification to signed contract — runs between four and nine months. The software category the procurement team is evaluating will have shipped multiple major releases during that period. The requirements documentation that anchored the evaluation will have drifted from what the business actually needs. The vendor selected may have been acquired.

The average organization with 500 to 1,000 employees is running between 100 and 200 SaaS applications. A fraction of those are managed by IT. The rest were procured by individual departments, teams, and employees using corporate credit cards, expense reports, and in some cases personal cards that get reimbursed. The finance team knows about the ones with purchase orders. The IT team knows about the ones that went through the security review queue. Nobody knows about all of them.

The IT support model that existed before 2020 was built around physical proximity. The helpdesk sat in the office building. Employees who needed support walked to the helpdesk or the helpdesk walked to the employee. Hardware issues were resolved by hand. The model had inefficiencies — the helpdesk was idle when nobody needed support, and wait times were unpredictable — but it had a ceiling on support complexity that physical access naturally enforced.

Enterprise IT has adopted AI-assisted tools at an uneven pace across the four functional areas. The adoption unevenness reflects a genuine difference in the maturity of AI applications across contexts — some IT functions have clear, measurable AI use cases with documented productivity gains, while others have AI vendor claims that have not translated to operational reality at the scale most enterprises require.

The honest assessment of where AI is saving time in enterprise IT is narrow but real: specific use cases within IT support, security operations, and software development assistance have demonstrated consistent productivity gains. The broader claims — AI transformation of IT operations across all functions — remain future-oriented rather than present-tense.

The IT budget allocation problem is structural, not mathematical. Organizations that spend the right total amount on IT frequently allocate it incorrectly across the four functional areas — run the business, grow the business, transform the business, and maintain the infrastructure that enables all three — producing technology environments that are simultaneously overspent in some areas and critically underfunded in others.

The allocation pattern that is most common and most damaging is heavy spending on new software and technology initiatives with insufficient investment in the support, security, and infrastructure maintenance that determines whether those investments function reliably. An organization that spends aggressively on digital transformation while deferring network infrastructure refresh, understaffing the helpdesk, and running security with inadequate tooling has not made a strategic trade-off. It has made an accounting error that looks like a strategic choice.

The self-service IT portal is one of enterprise IT’s most persistent good ideas with consistently poor implementation. The idea is sound: employees who can resolve their own IT issues without contacting the helpdesk reduce the support burden, resolve their issues faster, and build a level of IT self-sufficiency that benefits the organization. The implementation failure is that self-service portals are almost universally designed to make it easy for IT to publish content rather than easy for employees to find solutions to their problems.

Every IT organization with a persistent ticket backlog treats the backlog as the problem and measures progress by reducing it. This is the wrong frame. A ticket backlog is the visible manifestation of a supply-demand imbalance in IT support capacity — the result of a problem, not the problem itself. Treating the backlog as the target produces solutions that attack the symptom: hiring more helpdesk staff, implementing triage automation to move tickets faster, setting SLA targets that create pressure to close tickets quickly. None of these address why the tickets were created in the first place.

Network infrastructure occupies an unusual position in enterprise IT budget conversations. It is essential — nothing in the technology stack works without it — and invisible when functioning correctly. The invisibility is the problem. Network hardware that is approaching or past its end-of-support date, running firmware that has not been updated in years, and operating at utilization levels for which it was not designed accumulates risk silently. The incident that reveals the accumulation is not gradual. It is sudden.

Every enterprise IT organization is running software it should have replaced years ago. The system is old enough that the vendor who originally built it may no longer exist. The employees who know how it works are approaching retirement or have already left. The documentation, if it ever existed, is incomplete or missing. The integration with everything else in the technology stack was built on assumptions that have since changed. The system runs critical business processes that the organization cannot operate without.

Every IT organization with a persistent ticket backlog treats the backlog as the problem and measures progress by reducing it. This is the wrong frame. A ticket backlog is the visible manifestation of a supply-demand imbalance in IT support capacity — the result of a problem, not the problem itself. Treating the backlog as the target produces solutions that attack the symptom: hiring more helpdesk staff, implementing triage automation to move tickets faster, setting SLA targets that create pressure to close tickets quickly. None of these address why the tickets were created in the first place.

Enterprise software procurement moves at a pace that the software it is trying to purchase has long since left behind. The average procurement cycle for a mid-market enterprise software purchase — from initial vendor identification to signed contract — runs between four and nine months. The software category the procurement team is evaluating will have shipped multiple major releases during that period. The requirements documentation that anchored the evaluation will have drifted from what the business actually needs. The vendor selected may have been acquired.

Vulnerability management programs have a dirty secret that annual security assessments and compliance audits politely decline to examine: the remediation backlog. Organizations that have deployed vulnerability scanners — Tenable, Qualys, Rapid7 — know their vulnerability count precisely. Most of them have more open vulnerabilities than they will remediate in the coming year. Many have more open vulnerabilities than they will remediate in the next three years at their current remediation pace.

Network infrastructure occupies an unusual position in enterprise IT budget conversations. It is essential — nothing in the technology stack works without it — and invisible when functioning correctly. The invisibility is the problem. Network hardware that is approaching or past its end-of-support date, running firmware that has not been updated in years, and operating at utilization levels for which it was not designed accumulates risk silently. The incident that reveals the accumulation is not gradual. It is sudden.

The security vendor community has done something impressive with the Zero Trust concept: it has taken a principled architectural framework that requires organizational discipline, policy definition, and sustained implementation effort, and repackaged it as a product category that can be purchased and deployed. The repackaging is commercially effective. It is also misleading in a way that causes organizations to believe they have implemented Zero Trust when they have purchased a tool.