IDC Mauritius CIO Summit 2025

Partner Spotlight
AI’s Unexpected Side Hustles: What CIOs Can Learn from Sports, Music and Wildlife (and Security!)

When most CIOs think about AI, the immediate focus is on operational efficiency, automation or perhaps customer experience. Yet some of the most powerful lessons come from places we don’t traditionally associate with boardrooms or datacentres like the sports field, the recording studio, the African savannah, and yes, the battlefield of cybersecurity.

In sports, AI has quietly become the invisible coach. From tracking player fatigue in football to predicting injury risk in rugby, teams are making data-driven decisions that change the outcome of championships. CIOs can take note: performance monitoring doesn’t just belong in athletics. “Just as coaches use AI to keep athletes at their peak, we can use it to anticipate system stress points and prevent IT fatigue before it disrupts the business,” says Karien Bornheim, CEO of FABS.

Music tells another story. AI-generated compositions may grab headlines, but the real lesson lies in how musicians use AI as a creative collaborator rather than a replacement. It’s augmentation, not substitution. CIOs navigating AI adoption should take the same approach by leveraging AI to extend the creative and problem-solving capacity of their teams, not to undermine it. “Think of AI as the second instrument in your orchestra: it doesn’t replace the human musician, it amplifies them,” remarks Karien.

Wildlife offers a more surprising lesson. Conservationists are using AI to track migration patterns, combat poaching and monitor ecosystems in real time. The takeaway for CIOs is resilience and adaptability. Business environments, much like ecosystems, are interconnected and fragile. AI can provide visibility into unseen risks and opportunities, helping organisations adapt in a fast-changing digital landscape.

And then there’s security. Here the metaphor flips: AI is both predator and protector - the poacher and the ranger. On the dark web, criminals are exploiting AI to automate phishing, crack passwords and develop sophisticated malware. At the same time, defenders are wielding AI to detect anomalies, stop attacks in real time and train employees against social engineering. The lesson for CIOs is balance: you cannot ignore AI’s risks, but you equally cannot afford to miss its defensive power.

Ultimately, CIOs should embrace AI’s “side hustles” as more than curiosities. They are mirrors of how AI can be harnessed in business: as a coach, a collaborator, a conservationist and a cybersecurity sentinel. The challenge - and the opportunity - lie in knowing which role to activate and when.

Partner Spotlight
Backup Requirements for Business Continuity

The two key goals of IT organizations are to keep the business operational and to keep users productive.

Data backup is the pinnacle of data recovery.

Backup requirements need to be considered for 4 very different scenarios:

1. A user deletes or overwrites data

2. A large amount or all of an organization's data is deleted, corrupted, or encrypted

3. An entire data center site goes down due to a fire, flood, earthquake, hurricane, tornado, extended electrical grid failure, etc.

4. An audit that requires looking at data from months to years ago such as financial audits, legal discovery, and regulatory audits

To be prepared for each of these requires a certain set of features and functions.

The key to recovery of individual user files is to keep enough retention that goes back to before the data was deleted or overwritten. Most organizations keep 6 weeks of backup retention but sometimes the data was deleted or overwritten longer than 6 weeks ago, so longer-term retention is needed. Some files are only used once per quarter, and the file could have been deleted or overwritten up to 13 weeks ago and the user won't know it is not accessible until they try to update it. Longer-term retention is incredibly important to ensure files are recoverable.

Cyber attacks could be malicious and intended to bring an organization to a halt by deleting its data. Or the attack could involve a situation where threat actors encrypt the data and require that a ransom be paid to obtain the key to decrypt the data. Therefore, the backups need to be ready to quickly restore any or all data to continue operations. Restores need to be fast. The attacker will also delete backup data, so organizations need to be sure that the backup data has ways to guard against deletion, such as an air gap (backup data not accessible on the network), delayed deletes with retention lock, data locking, and immutability.

To recover from entire site failures, a copy of all data needs to be kept at a separate location outside of the disaster zone so that operations can continue. This requires WAN-efficient replication to send a copy of all data daily to the disaster recovery (DR) site. In this case, organizations need to deduplicate the data so that they are sending the least amount over the WAN possible to lower WAN costs and to have a strong RPO (recovery point objective). The sooner the data transfers to the DR site, the more up to date it is. In addition, organizations need to plan for RTO (recovery time objective) which is the time it takes to recover the data. Many organizations have a policy of being operational in 24 to 72 hours, which requires that organizations have their own second data center for DR data. To retrieve the large amount of data from a service or cloud typically takes weeks. It is also far more expensive, over a 5-year period, to keep DR data in the cloud versus in a second data center.

Lastly, organizations need to be prepared for audits. Organizations need to have data from months and years ago to ensure they can comply if audited (financial or regulators) or if they are facing legal action that requires legal discovery. Typically, 7 yearly backups are required, and it is not uncommon to see organizations keep 6 to 12 weekly backups for end-user data recovery and 12, 24, or 36 monthly backups, as well as 3, 5, or 7 yearly backups for audits and discoveries.

In summary, organizations have a lot to consider when meeting all requirements for business continuity, including end-user data restores, recovery from cyber attacks, site disasters, and audits and legal discoveries.

Partner Spotlight
Safeguarding the Invisible Gateway: Why DNS Security Must Be a CIO Priority

In the race to strengthen digital defences, organizations have invested heavily in firewalls, endpoint detection, and sophisticated SOC capabilities. Yet one critical layer often remains underutilized as a security control: the Domain Name System (DNS).

DNS is the internet’s silent enabler, directing billions of queries each day. But its very invisibility makes it a prime target. Cyber adversaries exploit DNS to launch phishing campaigns, enable command-and-control traffic, and exfiltrate data—all while evading traditional monitoring tools. A single unmonitored query can open the door to ransomware or advanced persistent threats, with devastating business consequences.

The risks are amplified in today’s hyperconnected environment. Hybrid work, cloud migration, and the proliferation of IoT and SaaS applications mean that DNS touches every digital transaction. Yet in many enterprises, DNS is still regarded as a utility service, not as a frontline security layer. This oversight is no longer sustainable.

Effective DNS security transforms this overlooked protocol into a strategic advantage. By applying threat intelligence, monitoring query patterns, and enforcing policies at the DNS layer, organizations can disrupt malicious activity at its earliest stage—before it reaches endpoints or networks. This proactive defence not only reduces the burden on security operations but also delivers measurable improvements in resilience and incident response.

Forward-looking CIOs are beginning to recognize that DNS is not simply about availability—it is about visibility and control. As adversaries grow more sophisticated, stopping attacks at the DNS layer has become one of the most cost-effective and scalable ways to safeguard digital assets.

In a threat landscape defined by stealth and speed, ignoring DNS security is no longer an option. It must be treated as a cornerstone of modern cyber defence. For organizations seeking to thrive in a digital-first world, safeguarding DNS is not just best practice—it is business-critical.

Analyst Spotlight
Enabling Security Outcomes with Artificial Intelligence

Frank Dickson,
Group Vice President, Security & Trust, IDC

ChatGPT launched to the world on November 30, 2022. Based on a large language model, it enabled users have interactive “conversations” with the AI-enabled software and unlock the riches buried in data stores. Microsoft Security Copilot, Google Cloud Security AI Workbench, AWS Titan/Bedrock, and IBM watsonx only served to intensify the buzz. As of the beginning of 2024, many vendors have enriched their products with generative AI (GenAI).

AI in security is hardly new. Analytics have been the foundation of cybersecurity since the very beginning. Machine learning (ML) and artificial intelligence found some of their early commercial applications in cybersecurity. Think about it. Symantec first used AI to develop malware signatures in 2003. Products like McAfee Deep Defender, FireEye Malware Protection System, and Cisco Advanced Malware Protection were launched more than 10 years ago!

As vendors look to differentiate their offerings and appeal to sophisticated, knowledgeable, and astute cybersecurity buyers, marketers commonly promote buzzwords. Yet buzzwords are seldom defined and rarely have a shared meaning among practitioners in the industry. The result is confusion.

IDC does not want to contribute to the confusion. There is some general guidance that IDC would recommend that CISOs, CIOs, and security professionals consider before shifting to domain-specific treatments:

1. Focus on the benefit, no matter what AI is.
2. Start with an outcome in mind.
3. Note that transparency is now more important than ever.
4. Create decision trees.
5. Demand low code, no code, or natural language processing (NLP).

IDC's CIO Summit series looks to address security in this new GenAI reality. We aim to guide you in working with the CEO and Board of Directors as we transition to delivering secure outcomes and a trusted organization to our executive constituencies.

Analyst Spotlight
Generative AI Will Transform the Software Development Life Cycle

Michele Rosen,
PhD, Research Manager, IDC

Generative AI (GenAI) has dominated the tech conversation since OpenAI's release of ChatGPT in late 2022. According to IDC's GenAI Awareness, Readiness, and Commitment (ARC) Survey (August 2023), C-level leaders in most organizations are already driving significant investment in GenAI capabilities across the enterprise, including customer-facing applications, decision support applications, and employee applications.

GenAI's extraordinary capabilities have raised questions about the future of work. Knowledge workers, including technical professionals, wonder which of their responsibilities can be performed more efficiently and effectively by this new technology. Indeed, IDC predicts that GenAI will dramatically transform the software development life cycle (SDLC):

• By 2026, 40% of net-new applications will be intelligent apps, where developers incorporate AI to enhance existing experiences and form new use cases; this maturation of GenAI technologies will catalyze accelerated growth of the world's developer population and cause the world's developer population to grow 1.5x faster.
• By 2028, natural language will become the most widely used programming language, with developers using it to create 55% of net-new applications and 80% of software tests (IDC FutureScape: Worldwide Developer and DevOps 2024 Predictions).

Although GenAI will be able to perform many technical tasks, organizational adoption of GenAI will require new custom development and new technical skills such as prompt crafting and engineering, the curation of the agents and actions that enable AI assistants to execute tasks, and the ability to evaluate and fine-tune models for specific use cases. Organizations must therefore ensure that developers have the new tools, platforms, and infrastructure they need to make GenAI opportunities a reality, such as prompt crafting interfaces, experimental sandboxes, tools for building the skills and actions that enable AI assistants to act, and interfaces for selecting, evaluating, grounding, and fine-tuning foundation models.

Given the rapid adoption of GenAI, it's not surprising that less than half of organizations investing significantly in generative AI have implemented governance processes such as a GenAI Center of Excellence, use and ethics guidelines, and employee training programs, according to IDC's GenAI ARC Survey. One way to facilitate governance is to leverage the GenAI capabilities that software vendors are adding to low-code and no-code development platforms. These platforms have been providing governance tools for both technical and non-technical employees for years, and so they could become the center of gravity for distributing and managing GenAI capabilities throughout the organization and for enabling employees to build their own apps, thereby increasing their productivity and enabling innovation.

Analyst Spotlight
Optimizing Infrastructure for the GenAI Era

Matt Eastwood,
Senior Vice President, Enterprise Infrastructure and Datacenter, IDC

The integration of artificial intelligence (AI) into IT infrastructure is a transformative event, ushering in a new era for IT management and strategy. This change compels IT leaders to reconsider their conventional IT frameworks and adopt innovative technology paradigms. Central to this transformation is the need to advance data models and manage workloads effectively across diverse environments, including edge computing, core datacenters, and hybrid cloud systems.

AI's incorporation into IT operations necessitates a fundamental reevaluation of how workloads are distributed and managed. IT leaders are now tasked with optimizing cloud operations, a key component of which involves leveraging AI to improve efficiency and performance. Moreover, the shift toward AI integration increases the importance of sustainable IT practices. In an age where environmental impact is a critical concern, developing energy-efficient AI systems that align with corporate ethical standards is imperative.

The resilience and adaptability of IT infrastructure are vital in this dynamic landscape. As AI technologies continue to evolve, IT systems must be designed to be flexible and robust, capable of adapting to new advancements and challenges. This approach not only enhances current operations but also sets the stage for future innovations in IT infrastructure that is further influenced by AI.

Additionally, the role of AI in automating and optimizing IT processes cannot be overstated. By harnessing AI, IT leaders can achieve greater operational efficiency, reduce human error, and provide more personalized and responsive IT services. This leads to a more proactive IT management style, where predictive analytics and machine learning algorithms anticipate issues and needs, leading to preemptive solutions. Furthermore, the ethical and security aspects of AI in IT infrastructure are critical. As AI systems become more sophisticated, ensuring data privacy, ethical AI use, and robust security protocols is essential. IT leaders must navigate these complexities while fostering an environment of innovation and growth.

In summary, the advent of AI in IT infrastructure is a watershed moment, signaling a paradigm shift in how IT is managed and executed. It requires a holistic approach, blending advanced technology, sustainability, ethics, and resilience, to fully harness the potential of AI in revolutionizing IT operations and strategies. This shift is not just about adopting modern technologies, but about reimagining the role of IT in a rapidly evolving digital landscape.

Analyst Spotlight
The ESG Imperative: Building Blocks for Data-Driven Sustainability Transformation

Eren Eser,
Associate Research Director, Research (META), IDC

The United Nations' 2030 Agenda for Sustainable Development provides a shared blueprint for sustainable global development aimed at improving human lives and protecting the environment, and calls for urgent action by both developed and developing countries. In addition to the actions taken by countries, organizations also need to take urgent, serious steps toward sustainability. A recent IDC survey focused on sustainability maturity identified 42% of organizations worldwide as "sustainability mainstreamers," sitting right in the middle of the maturity curve, which spans from "just getting started" to full sustainability "visionaries" (source: IDC's Sustainability Readiness Survey, 2023). This represents an improvement compared with surveys from just a couple of years ago, where about three-quarters of respondents sat within the first maturity stage (i.e., conducting first materiality assessments and setting long-term targets).

Despite these recent improvements, organizations continue to struggle to collect and report investment-grade data from across their value chains. They are also only making slow progress regarding the organizational and cultural changes that are necessary to succeed on their transformation journeys and fully realize the potential financial and non-financial benefits related to corporate sustainability. Given the urgency to act and the broadening landscape of available IT products and ESG business services, sustainability leaders need to make informed purchasing decisions so they can effectively invest their budgets in solutions that yield a measurable ROI and help them move from ESG box checking into the operationalization phase.

There are three principal components of a sustainability management program: record, report, and respond. At present, the majority of organizations are in the first two categories, focusing on the collection and sharing of ESG-related data. However, a growing number of companies are maturing to the next stage of response and are leveraging the data that is collected to develop their strategies around sustainability improvements.

ESG management is not a point-in-time exercise but an ongoing process that requires a platform that can automate a continued influx of data and leverage that data to drive performance evaluation. Organizations are leveraging ESG platforms to essentially walk the organization along the path of ESG program development, and thus, once a sustainability strategy is established, these solutions can then be leveraged to track performance. As organizations are being judged on their ability to meet stated ESG goals (in terms of both public opinion and legislation), understanding progress on the path to that goal is essential. Platforms that can automate data ingestion and map to specific KPIs help organizations keep track of these goals and create alerts when performance falls short. They can also potentially provide insights on actions to take to remain on course.

Developing a sustainable society is an obligation that all governments and industry leaders must shoulder, and sustainability transformation provides an opportunity that must be seized without delay. Today, digital transformation and sustainability transformation have a crucial factor in common — both have become essential to organizations' core operations. And technology has a crucial role to play in helping organizations to augment the sustainability transformation process.

Analyst Spotlight
The AI Everywhere Era in the Public Sector

Massimiliano Claps,

Research Director, IDC

AI and GenAI are having an increasingly pervasive impact on government — across missions, use cases, processes, and systems — in the Middle East and beyond. The disruptive impact of these technologies, compounded by geopolitical volatility, technical debt, digital sovereignty concerns, elevated citizen expectations, and regulatory changes, will require government leaders to approach innovation holistically. The acquisition and implementation of new technologies will not be enough. Realizing the benefits of AI, cloud, and industry platforms will require revisiting governance, risk management, culture, and the building of competencies to accelerate innovation.

Realizing the Value of AI at Scale in the MEA Region

The advent of GenAI prompted a surge of experimentation. Governments piloted GenAI for task automation, such as summarizing meeting minutes, drafting RFI and RFP documents for public tenders, creating job requisitions, synthesizing information to respond to freedom of information requests, and conducting research for the preparation of policy briefs. As pilot projects empowered them to evaluate benefits and risks, national governments and smart cities started to invest in scaling both traditional AI/ML and GenAI systems to address more complex industry-specific scenarios, such as service and benefits personalization, clinical care, and traffic safety. AI-enabled digital assistants started to help citizens interact with systems through conversational interfaces, instead of having to scroll through screens and fill out forms. Employee digital assistants started to help expert government case managers review, validate, and respond to citizen requests in a more holistic and personalized manner.

AI-powered governments will need to rethink their strategies, governance, people, and technologies to effectively adopt AI. This radical transformation will require governments to establish senior leadership roles that can build organizational capacities and competencies; design and enforce governance policies, structures, and processes; and deploy data and AI infrastructure, platforms, and application capabilities that align with strategic mission goals — all while complying with regulation. The MEA region is leading the charge; for instance, the Dubai government appointed 22 chief artificial intelligence officers (CAIOs) in 2024.

To achieve this level of automation, CAIOs need to work with line-of-mission and program leaders to re-engineer processes and systems so they can apply algorithms that recognize changes in their constituents' circumstances, identify the root causes, and trigger operational workflows or dynamically reconfigure services and programs to meet constituents' evolving needs and preferences.

From an architectural standpoint, this level of end-to-end process automation will require a combination of agents that will provide multimodal capabilities to process text, rules, and images, and will be orchestrated to deliver intended outcomes across end-to-end workflows.

To generate the desired outputs and outcomes from the application of AI and GenAI, government CAIOs and chief data officers need to feed data-hungry algorithmic training and fine-tuning. To avoid using low-quality datasets, which grow bias and hallucination, lower accuracy, and increase the risk of intellectual property infringement and other ethical and compliance risks, governments will invest in data logistics and control planes and establish governance polices and processes that enable them to control quality, reliability, and integrity of datasets.

Hybrid, multicloud environments are becoming the cornerstone for governments wanting to modernize their infrastructure, transform their applications, and take advantage of innovations such as AI and GenAI. FinOps practices and tools need to be in place to control costs, particularly as innovative capabilities are being tested and then scaled. AI will augment FinOps tools too, to optimize cloud resource sizing and usage, increase the transparency and accountability of cloud costs and carbon footprints, and detect anomalies.

Governments consider AI not only a tool for efficiency improvement, but a national strategic asset. They want to be able to harness AI to drive opportunities for the national AI innovation ecosystem and secure data and technical independence. This will drive new policy requirements for sovereign AI controls, such as data governance, data localization, and control requirements; scrutiny over hardware and software bills of material, algorithmic transparency, data protection, cybersecurity, and the ethical use of AI; and investments in local knowledge transfer. As a result of some of these policies, global cloud and AI platform companies have significantly increased their investments in local infrastructure and operations in the MEA region, with the Saudi Arabia and the UAE being the main beneficiaries.

As AI becomes more pervasive, robust security controls must be put in place, starting early on in the design stage for the hybrid, multicloud environments where these systems will be deployed. Security controls, along with updated governance policies and literacy programs, will be critical to ensure responsible AI innovation that minimizes the risk of misuse, such as generating misinformation, deepfakes, or biased content, as well as avoiding exposing systems to attacks and loss of sensitive and critical data.

Government CIOs and CAIOs that have a mandate to realize the benefits of AI at scale will have to develop trustworthy collaborative approaches to identify early wins, establish responsible AI governance and cybersecurity best practices, embed sovereignty principles in platform procurement and implementation, and apply FinOps best practices and tools to control the cost of innovation.