It’s no stretch to say that most businesses likely feel confident about their cloud strategy today. They have invested heavily in modern platforms, deployed advanced security tools and strengthened identity control.
The environment should look secure, scalable and resilient.
I have seen firsthand where cloud adoption is treated as a modernization milestone and risk reduction strategy. Dashboards turn green, compliance boxes are checked and leadership gets an assurance that the organization is secured since moving to the cloud.
As we move to newer and more modern platforms, the question remains, “How quickly and confidently can your business recover from a cyberattack?”
Cyber recovery in today’s threat landscape determines survival. The stakes are no longer theoretical. According to IBM’s Cost of Data Breach Report, the global average cost of a data breach is $4.4M globally, and over $10M in the US.
Ransomware has evolved from an IT disruption to a business shutdown event. Industry reports indicate that ransomware is involved in nearly half of the major breaches. According to Sophos’ State of Ransomware report, the average recovery cost now exceeds $2.7 million per incident, excluding reputational damage and lost revenue.
Cloud transformation has become synonymous with modernization. Organizations move to the cloud to gain scalability, agility and perceived improvement in security.
Cloud providers invest billions into securing their data infrastructure with capabilities that far exceed what most organizations could build on premises. But here’s where the illusion begins.
Many organizations equate cloud adoption with risk reduction, if migrating workloads inherently makes them more secure. Cloud does not eliminate the cyber risk. It changes its shape and shifts its ownership.
In a cloud environment, many of the risks move up the stack:
One of the leading causes of cloud breaches is simple misconfiguration. Publicly exposed storage and overly permissive roles continue to create entry points for attackers. These are the failures of implementation and governance.
In a traditional environment, attackers target networks. In the cloud, they target identities. Compromised credentials, privilege escalations and weak access control allow attackers to move laterally across systems.
Once inside, they strategically target backups and recovery systems, ensuring that restorations become difficult or impossible.
The most dangerous aspect of this illusion is the belief that resilience is built in. Cloud platform provides high availability. A system can be highly available but still can have corrupted restore, fail to meet business recovery timelines and reintroduce vulnerabilities during recovery.
For years, cybersecurity has been built around a single objective, which is prevention. Organizations have invested heavily in firewalls, endpoint protection, identity controls and zero-trust architecture. While these investments remain essential, they are no longer sufficient. The reality is that no organization can prevent every attack.
It’s a fundamental change in thinking:
When the cyberattack occurs, the initial breach is only the beginning. The real impact unfolds in the hours and days that follow. The system goes offline, operations stall, customers are affected and revenue streams are disrupted. The question is how well the organization is prepared and how quickly they respond when such a scenario occurs.
Speed of recovery is the new competitive advantage. An organization that recovers faster can restore operations with minimal downtime, maintain customer trust and limit financial and reputational damage. Those that don’t face prolonged outages, risk regulator exposures and experience long-term brand erosion. Recovery should be the board-level priority. Traditional technical metrics must be reframed in business terms.
Metrics like recovery time objective (RTO) and recovery point objective (RPO) have existed for decades, but at times have been buried in infrastructure discussions. This needs to be changed.
RTO defines how quickly the systems must be restored.
RPO defines how much data loss is acceptable.
Speed alone is not enough. One of the most overlooked challenges is data integrity. After an attack, organizations must ensure that restored systems are not only operational but clean and uncompromised.
This leads to the question. Can it be restored quickly and safely?
In many incidents, organizations discover that the backups are infected, data was silently corrupted and the recovery process reintroduces vulnerabilities. Data from Veeam shows that when backups were compromised, recovery time increases substantially, often accompanied by higher data loss and extended business outage.
Here is a key insight on attackers increasingly dwelling in the system for weeks and compromising the backup process before triggering ransomware. This leads to backups already containing malicious artifacts and delayed detection and unsafe recovery attempts.
Building a cyber recovery capability establishes a resilience layer across the organization. At a minimum, this includes:
As cyber threats continue to evolve, businesses should challenge themselves with a new set of questions:
Cloud has transformed how organizations build, scale and operate technology. It has delivered agility, speed and a new level of architectural resilience. But it has also introduced a more complex and unforgiving risk landscape, where cyber threats are not only inevitable, but increasingly designed to disrupt recovery itself.
Cyber recovery must be treated as a strategic capability, not an operational afterthought. An organization should not only have a cloud strategy but also a cyber recovery plan.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
IDC estima que a finales del año pasado había más de 28 millones de agentes de IA desplegados, y predice que en 2029 habrá más de 1.000 millones activos, ejecutando 217.000 millones de acciones al día.
Es fácil crear una prueba de concepto (POC) de un agente de IA, afirma Venkat Achanta, director de tecnología, datos y análisis de TransUnion, una empresa global de informes crediticios con unos ingresos de 4.600 millones de dólares. Pero gestionarlo, protegerlo y escalarlo supone todo un reto, especialmente para empresas de sectores altamente regulados, como los servicios financieros y la sanidad. Para abordar el problema, TransUnion ha dedicado los últimos tres años a desarrollar su plataforma de IA agentiva, OneTru. El objetivo era crear algo tan fiable y determinista como los antiguos sistemas basados en scripts y diseñados por expertos, pero tan flexible como la IA general, y tan fácil de interactuar como un chatbot.
El truco, sin embargo, consistía en combinar lo mejor de ambos mundos utilizando sistemas tradicionales para los procesos centrales, donde la explicabilidad y la fiabilidad son clave, e incorporando la funcionalidad de la IA general de forma limitada para las tareas para las que resultaba especialmente adecuada. Y dado que no se disponía de la infraestructura necesaria para ello, TransUnion construyó la suya propia, destinando 145 millones de dólares al proyecto. Fue una gran inversión en una tecnología sin probar, pero ya ha supuesto un ahorro de 200 millones de dólares. Más aún, una vez construida la plataforma, TransUnion la utilizó para crear soluciones orientadas al cliente.
En marzo de este año, por ejemplo, TransUnion lanzó su AI Analytics Orchestrator Agent, creado con la plataforma OneTru y basado en los modelos Gemini de Google. TransUnion ya utiliza este agente internamente para mejorar los análisis, y los clientes también pueden utilizarlo para realizar sofisticados análisis de datos sin necesidad de recurrir a científicos de datos.
Muchos clientes utilizan los datos de TransUnion, pero no utilizan otras soluciones ni plataformas, afirma Achanta. El nuevo agente de orquestación tiene el potencial de ayudar a los clientes a sacar más partido a los datos y de abrir nuevas fuentes de ingresos para la empresa. Y hay más agentes en desarrollo, afirma Achanta. La clave para que funcionen son las capas de orquestación, gobernanza y seguridad. Hacer que un agente haga algo es muy fácil para cualquiera, dice, y puede llevar solo unos días. La empresa también puede crear agentes rápidamente. “Pero yo tengo la base y las barreras de seguridad, y el agente que se encuentra en mi plataforma las utiliza todas. Eso es lo que nos da poder”, afirma.
El secreto para lograr que los agentes de IA se comporten es separar las capas de la tarea y asignar cada capa a un sistema diferente, cada uno de los cuales opera bajo un conjunto de restricciones. Este enfoque limita el daño que puede causar cualquier agente en particular, crea un sistema de controles y contrapesos, y restringe las actividades más arriesgadas a una tecnología de IA de generación previa.
Por ejemplo, en TransUnion, la toma de decisiones principal la lleva a cabo una versión actualizada de un sistema experto. Funciona bajo un conjunto de reglas bien definidas y auditables, y opera de forma predecible, rentable y con baja latencia. Cuando se encuentra con una situación que no ha visto antes, se utiliza un LLM para analizar el problema; a continuación, un agente diferente podría convertirlo en una nueva regla, y luego se podría recurrir a un humano para revisar los resultados antes de que la nueva regla se añada al sistema experto. Hay diferentes agentes que comprenden la capa semántica, interactúan con los humanos y realizan otras tareas. “Con la capa de razonamiento neuronal —el LLM— incorporamos a los humanos al proceso. Cuando se trata de una capa de razonamiento simbólico, que se basa en la lógica y el aprendizaje automático, dejamos que se automatice”, explica.
Así, cuando cada agente opera dentro de restricciones muy estrictas, solo con los datos limitados que necesita para esa tarea concreta, y está limitado a lo que puede hacer, todo el sistema se vuelve mucho más manejable y fiable. Es como la diferencia entre una cadena de montaje, donde varios trabajadores realizan cada uno una tarea única y distinta, en lugar de un taller donde un solo artesano lo hace todo. La cadena de montaje puede trabajar más rápido y de forma más fiable, pero hoy en día muchas empresas implementan sus agentes de IA como si fueran artesanos. Este último enfoque puede dar lugar a productos creativos y únicos, pero no siempre es lo que una empresa necesita.
Nicholas Mattei, presidente del grupo de interés especial de la ACM sobre IA y profesor de la Universidad de Tulane, sugiere que las empresas se centren en incorporar seguridad adicional en los puntos donde se conectan las diferentes partes del sistema de agentes. “Hay que asegurarse de que hay seguridad en las uniones”, afirma. Por ejemplo, si un agente envía solicitudes a un servicio de correo electrónico, hay que configurar un punto de control entre ambos. “En los huecos entre los agentes poco fiables y donde reside el software tradicional es donde se tienen que ubicar los procesos de seguridad”, relata.
En una encuesta de Jitterbit realizada a 1.500 líderes de TI publicada en marzo, la responsabilidad de la IA —seguridad, auditabilidad, trazabilidad y medidas de protección— es el factor más importante a la hora de tomar la decisión final de compra de IA, por delante de la velocidad de implementación, la reputación del proveedor e incluso el coste total de propiedad. Los riesgos de seguridad, gobernanza y privacidad de los datos también fueron las principales cuestiones que impedían que las iniciativas de IA pasaran a producción, por delante de los costes y los retos de integración. Y tienen razón en estar preocupados.
A principios de este año, investigadores de la empresa de ciberseguridad CodeWall lograron vulnerar la nueva plataforma de IA de McKinsey, Lilli. Utilizando una herramienta de IA propia, los investigadores afirmaron que pudieron acceder a 47 millones de mensajes de chat, 728.000 archivos, 384.000 asistentes de IA, 94.000 espacios de trabajo, 217.000 mensajes de agentes, casi 4 millones de fragmentos de documentos RAG y 95 indicaciones del sistema y configuraciones de modelos de IA. “Se trata de décadas de investigación, marcos y metodologías propios de McKinsey: las joyas de la corona intelectual de la empresa almacenadas en una base de datos a la que cualquiera podía acceder”, escribieron los investigadores.
¿El motivo? De los más de 200 puntos finales de API expuestos públicamente, 22 no requerían autenticación. Los investigadores tardaron solo dos horas en obtener acceso completo de lectura y escritura a toda la base de datos de producción de Lilli. McKinsey respondió rápidamente a la alerta, corrigió los puntos finales sin autenticación y tomó otras medidas de seguridad. “Nuestra investigación, respaldada por una empresa forense externa líder, no identificó ninguna prueba de que este investigador o cualquier otro tercero no autorizado hubiera accedido a datos o información confidencial de los clientes”, afirmó la empresa en un comunicado.
IDC indica que el incidente pone de relieve lo peligrosa que puede ser la violación de un sistema de IA para una empresa. “La mayoría de las empresas siguen pensando en los riesgos de la IA en términos del pasado: fuga de datos, resultados erróneos y daño a la reputación de la marca”, explica Alessandro Perilli, vicepresidente de investigación en IA de IDC. “Esos son problemas graves, pero el mayor riesgo reside en delegar autoridad a los sistemas de IA”.
Al obtener acceso a una plataforma de IA agentiva, un atacante no solo puede ver algo que no debería, sino también cambiar de forma encubierta la forma de actuar de la empresa. Y proteger sistemas de IA agentiva a escala empresarial como Lilli es solo la mitad del reto. Según Gartner, el 69% de las organizaciones sospecha que sus empleados utilizan herramientas de IA prohibidas, y el 40% sufrirá incidentes de seguridad o de cumplimiento normativo para 2030 como consecuencia de ello.
Pero las herramientas de detección disponibles no están del todo preparadas para encontrar agentes de IA, indican desde Gartner. “Si te preguntara cuántos agentes se ejecutan en tu empresa en este momento, ¿dónde irías a buscarlo?”, pregunta Swaminathan Chandrasekaran, director global de IA y laboratorios de datos en KPMG, que ahora cuenta con varios miles de agentes de IA en producción. “¿Se han incorporado todos y tienen identidades? ¿Han pasado por un proceso de autenticación adecuado y quién está a cargo de ellos? Esa infraestructura no existe”.
Sin embargo, las herramientas están empezando a surgir, o las empresas están creando soluciones “hazlo tú mismo”, cuenta. “Eso es lo que va a dar tranquilidad a los directores de sistemas de información”. Ya estamos viendo ejemplos públicos de empleados individuales que implementan una potente IA agentiva con consecuencias negativas. Summer Yue, directora de alineación de Meta, decidió recientemente utilizar OpenClaw, una herramienta viral de IA agentiva de código abierto, para ayudarla a gestionar su bandeja de entrada. Después de que funcionara en una bandeja de entrada de prueba, la implementó de verdad.
“Nada te hace sentir más humilde que decirle a tu OpenClaw que confirme antes de actuar y ver cómo borra tu bandeja de entrada a toda velocidad”, escribió en X. “No pude detenerlo desde mi teléfono. Tuve que correr hacia mi Mac mini como si estuviera desactivando una bomba”. En el pasado, un empleado podía subir información confidencial a un chatbot o pedirle que redactara un informe que luego copiaría y pegaría, haciéndolo pasar por suyo. A medida que estos chatbots evolucionan hacia sistemas agenticos completos, los agentes tienen ahora la capacidad de hacer cualquier cosa para la que el usuario tenga privilegios, incluido el acceso a los sistemas corporativos.
Para gestionar este nuevo riesgo de seguridad, las empresas tendrán que pasar de controles basados en roles e identidades a otros basados en la intención, afirma Rakesh Malhotra, director de tecnologías digitales y emergentes en EY. No basta con preguntar si un agente tiene permiso para acceder a un sistema y realizar un cambio en un registro, afirma. Las empresas deben poder preguntar por qué se está realizando ese cambio. Ese es un gran reto en este momento. “La tecnología de observabilidad no capta la intención de por qué el agente ha hecho algo”, afirma. “Y eso es realmente importante de entender. La confianza se basa en la intención, y no hay forma de que ninguno de estos sistemas capte la intención”.
Si un empleado humano intentara refactorizar toda la base de código, se le pediría que diera una buena razón para hacerlo. “Y si estás refactorizando sin ninguna razón específica, quizá no deberías hacerlo”, dice Malhotra. “Con las personas, hay formas de juzgar esto. No sé cómo hacerlo con los agentes”.
Achanta, de TransUnion, menciona repetidamente la base semántica de la plataforma OneTru de la empresa. Esa comprensión de la información ayuda a los sistemas a entender no solo qué son los datos, sino qué significan y cómo se relacionan con otros datos. Gartner afirma que desarrollar una capa semántica es ahora imprescindible para las empresas que implementan IA. “Es la única forma de mejorar la precisión, gestionar los costes, reducir sustancialmente la deuda de IA, alinear los sistemas multiagente y detener las costosas inconsistencias antes de que se extiendan”, dice.
Para 2030, las capas semánticas universales se considerarán infraestructura crítica, junto con las plataformas de datos y la ciberseguridad, predice Gartner. Y los agentes necesitan contexto para poder hacer algo significativo con los datos, afirma Chandrasekaran, de KPMG. Ahí es donde reside el conocimiento de una empresa. “Esa es tu nueva propiedad intelectual para la empresa. El contexto es la nueva muralla defensiva”.
Para John Arsneault, director de sistemas de información de Goulston & Storrs, crear una base de datos sólida es también una forma de evitar la dependencia de un proveedor. “Si compras productos y trasladas tus datos a ellos para automatizar flujos de trabajo o crear asistentes de trabajo para los agentes, te costará mucho salir de ahí. Pero si adoptas un enfoque centrado en los datos, al menos podrás pasar de uno a otro si se produce un cambio en el mercado”.
El bufete de abogados ha migrado sus productos de trabajo orientados al cliente a NetDocuments, un sistema de gestión de documentos enfocado específicamente al sector jurídico. Y el resto de los datos que recopila la empresa se almacenan en el ‘data lakehouse’ jurídico de Entegrata.
“Nuestro objetivo es que, con el tiempo, todas nuestras demás aplicaciones apunten a ese lago de datos. Entonces tendremos estos dos entornos donde residen todos los datos del bufete, lo que nos permitirá integrar cualquier herramienta de IA que utilicemos”, afirma.
También facilitará la gestión de los flujos de datos, añade, y permitirá al bufete adaptarse rápidamente a cualquier tecnología de IA que surja en el futuro. “Ya sea IA generativa, agéntica o de Anthropic, con el complemento legal de Cowork, es muy difícil mantenerse al día. Y cambia cada seis meses”.
La última pieza del rompecabezas de la infraestructura de agentes, tras establecer las medidas de seguridad y crear una capa de datos utilizable, es la orquestación. Los sistemas de IA de agentes requieren que los agentes se comuniquen entre sí y con los usuarios humanos, e interactúen con fuentes de datos y herramientas. Es un reto complicado, y esta tecnología se encuentra todavía en una fase muy incipiente, aunque avanza rápidamente. MCP es un ejemplo de ello, y es una pieza clave para resolver el rompecabezas de la orquestación. Los proveedores de IA se han mostrado muy dispuestos a cooperar en este ámbito.
“Cuando surgieron las redes sociales, y Facebook y Twitter debatían sobre un protocolo estándar para interactuar, nadie quería adoptar el protocolo de sus competidores”, afirma Agustín Huerta, vicepresidente sénior de innovación digital y vicepresidente de tecnología en Globant, una empresa de transformación digital. “Ahora todo el mundo está adoptando MCP y madurándolo como protocolo estándar”.
Pero eso no quiere decir que la integración de agentes se haya resuelto. Según una encuesta de Docker realizada a más de 800 responsables de la toma de decisiones de TI y desarrolladores, la complejidad operativa de orquestar múltiples componentes es el mayor desafío a la hora de crear agentes.
En concreto, el 37% de los encuestados afirma que los marcos de orquestación son demasiado frágiles o inmaduros para su uso en producción, y el 30% señala deficiencias en las pruebas y la visibilidad en orquestaciones complejas.
Además, aunque el 85% de los equipos están familiarizados con MCP, la mayoría afirma que existen importantes problemas de seguridad, configuración y gestionabilidad que impiden su implementación en producción. Y hay otros problemas de integración a los que las empresas deben hacer frente.
“Un problema aún por resolver es cómo conseguir un panel de control adecuado para gestionar todos estos agentes, para saber exactamente qué está pasando con cada uno de ellos”, afirma Huerta. “Hay un panel que permite supervisar los agentes creados con OpenAI y otro para los que residen en Salesforce, pero ninguno puede mostrar la telemetría en un panel centralizado para el control, la auditoría y el registro”.
Para las empresas que acaban de empezar a implementar agentes, o que se ciñen a una única plataforma, esto aún no supone un problema, añade, pero a medida que aprovechen una red más amplia de agentes, empezarán a experimentar estos retos. La propia Globant está creando su propio panel de control interno para la IA basada en agentes, por ejemplo.
Y en Brownstein Hyatt Farber Schreck, un bufete de abogados con 50 años de antigüedad, unos 700 empleados y clientes en todo Estados Unidos, hay varias áreas en las que se está implementando la IA, incluido un sistema generador de propuestas.
Normalmente, varias personas pueden tardar días en revisar la solicitud de propuesta de un cliente, examinar notas manuscritas o transcripciones de reuniones y recopilar otros materiales relevantes, afirma Andrew Johnson, director de sistemas de información del bufete. “Podemos introducir toda esa información en un ordenador y extraer los criterios clave para producir un primer borrador de calidad en cuestión de minutos”, afirma.
Se requieren múltiples agentes para las diferentes partes del proceso: uno para extraer los criterios de éxito o los requisitos de personal, otro para buscar precedentes y lecciones aprendidas, y otros para la fijación de precios y los estándares de marca. “Cada uno de esos agentes es autónomo y debe coordinarse para que los resultados de cada uno se incorporen al siguiente paso”, explica Johnson. En su mayor parte, eso significa un sistema RAG, ya que la mayoría de las plataformas heredadas que utiliza la empresa aún no han incorporado una capa MCP.
Dependiendo de la tarea, los agentes individuales pueden funcionar con diferentes modelos, lo que supone otra capa de coordinación que hay que gestionar. Luego está el control de costes. Si un agente de IA o un grupo de agentes entra en un bucle de retroalimentación infinito, los costes de inferencia pueden aumentar rápidamente. “Somos conscientes de la preocupación, aunque aún no la hemos visto materializarse”, afirma Johnson. “Por eso contamos con un sistema de supervisión. Si superamos los umbrales, reaccionamos”.
Independientemente de las estrategias o medidas para absorber los contratiempos, todo lo relacionado con la IA está cambiando más rápido que cualquier otra cosa que las empresas hayan visto. “Llevo 25 años en el sector tecnológico y nunca había visto nada igual”, señala Malhotra, de EY. “Las empresas de más rápido crecimiento de la historia se han creado todas en los últimos tres o cuatro años. El crecimiento en la adopción no tiene precedentes. Y hablo constantemente con clientes que están implementando tecnologías que eran muy relevantes hace nueve o diez meses, y todo el mundo ha pasado página”.
Durante años, Kubernetes ha ocupado un lugar casi mítico en las TI corporativas. Se ha posicionado como el plano de control del futuro, la abstracción estándar para los sistemas nativos de la nube y la plataforma que finalmente liberaría a las empresas del bloqueo de infraestructura. Para ser justos, algo de eso es cierto. Kubernetes ha aportado disciplina a la orquestación de contenedores, permitido modelos de implementación portátiles y proporcionado a los arquitectos un potente marco para gestionar aplicaciones distribuidas a gran escala.
Sin embargo, el mercado está cambiando, y también lo hacen las expectativas de las empresas. La cuestión ya no es si Kubernetes es técnicamente impresionante. Claramente lo es. La cuestión es si sigue representando la mejor opción para un número creciente de casos de uso empresariales convencionales. En muchos casos, la respuesta es cada vez más “no”. Lo que estamos viendo no es la muerte de Kubernetes, sino el fin de su dominio incuestionable como opción estratégica por defecto. He aquí el porqué.
A medida que iba creciendo la adopción de Kubernetes, muchas organizaciones dudaban en admitir que introduce complejidad operativa y requiere habilidades especializadas, ajustes constantes y una sólida gobernanza. Para gestionar bien Kubernetes se necesita ingeniería madura, observabilidad, seguridad, redes y gestión del ciclo de vida: mucho más que un proyecto secundario. Muchos han subestimado esta carga.
Lo que parecía elegante en los diagramas arquitectónicos se ha convertido en una carga real para los equipos de operaciones. Los clústeres se han multiplicado. Las cadenas de herramientas se han extendido. Las actualizaciones se han vuelto arriesgadas. La aplicación de políticas se ha convertido en una disciplina de ingeniería por derecho propio. Las empresas se han dado cuenta de que no solo han estado adoptando una plataforma de orquestación, sino que han estado construyendo y manteniendo un producto interno que requiere una inversión sostenida y conocimientos especializados escasos.
Eso puede ser aceptable para las empresas nativas digitales cuya escala y complejidad justifican el esfuerzo. Es mucho más difícil de vender a las empresas que quieren implementaciones fiables, aplicaciones resilientes y costes de nube razonables. En esos casos, Kubernetes puede parecer un sobredimensionamiento disfrazado de modernización estratégica. Cuando una empresa dedica más tiempo a gestionar la plataforma que a aportar valor empresarial sobre ella, la novedad se desvanece rápidamente.
Kubernetes se ha comercializado como una protección contra el bloqueo tecnológico, permitiendo que las aplicaciones se ejecutaran en entornos locales, en la nube y en el perímetro. Sin embargo, la mayoría de las empresas se enfrentaban a dependencias del ecosistema —almacenamiento, redes, seguridad, identidad, observabilidad, CI/CD, servicios gestionados y bases de datos nativas de la nube— que han creado un bloqueo práctico que Kubernetes no ha eliminado.
Lo que las empresas han ganado en portabilidad de cargas de trabajo, a menudo lo han perdido en complejidad del ecosistema. Se han estandarizado en Kubernetes sin dejar de depender en gran medida de los servicios gestionados y las convenciones operativas de un proveedor de nube concreto. El resultado ha sido un extraño término medio: toda la complejidad de una plataforma altamente abstraída sin la simplicidad total que supone utilizar servicios nativos con una visión definida de extremo a extremo.
Esto es más importante ahora porque los consejos de administración y los equipos ejecutivos están menos interesados en la opcionalidad arquitectónica teórica y más centrados en resultados empresariales medibles. Quieren velocidad, resiliencia, control de costes y menor riesgo. Si una plataforma de aplicaciones gestionada, un entorno sin servidor o una oferta de plataforma como servicio específica de un proveedor les permite alcanzar esos objetivos más rápido, muchos están dispuestos a aceptar cierto nivel de dependencia. Las empresas se están volviendo más sinceras sobre las compensaciones. Se están dando cuenta de que la flexibilidad estratégica es valiosa, pero no a cualquier precio.
Aquí es donde Kubernetes empieza a perder popularidad. La portabilidad tiene valor, pero para muchas empresas no ha justificado la carga operativa y organizativa que conlleva. La promesa ha superado el rendimiento real.
Quizás el cambio más importante es que las empresas están dejando de comprar primitivas técnicas en bruto para pasar a consumir plataformas de más alto nivel que se alinean mejor con la productividad de los desarrolladores y los resultados empresariales. Los equipos de ingeniería de plataformas ocultan cada vez más Kubernetes tras plataformas internas para desarrolladores. Los proveedores de nube pública siguen mejorando los servicios de contenedores gestionados, las ofertas sin servidor y los entornos de aplicaciones integrados que reducen la gestión manual de la infraestructura. Los desarrolladores, por su parte, no quieren convertirse en operadores de clústeres a tiempo parcial. Quieren vías rápidas para crear, implementar, proteger y supervisar aplicaciones sin tener que unir una docena de componentes.
En otras palabras, Kubernetes puede seguir estando presente bajo el capó, pero cada vez es menos visible y menos central en las decisiones estratégicas de compra. Eso suele ser un signo de madurez. Las tecnologías pasan de ser el titular a ser la infraestructura de base. Las empresas no se preguntan “¿Cómo adoptamos Kubernetes?” con tanta frecuencia como se preguntan “¿Cuál es la forma más rápida, segura y rentable de ofrecer aplicaciones modernas?”. Esa es una pregunta mucho más acertada.
La respuesta apunta cada vez más hacia plataformas curadas, entornos de desarrollo con una visión definida y servicios gestionados que abstraen Kubernetes en lugar de exponerlo. Esto no supone un rechazo de los principios nativos de la nube. Es un rechazo de la carga cognitiva innecesaria. Las empresas están decidiendo que no necesitan controlar cada capa de complejidad para aprovechar las ventajas de la arquitectura moderna.
Nada de esto significa que Kubernetes esté desapareciendo. Sigue siendo importante para entornos a gran escala, heterogéneos y altamente personalizados. Sigue siendo una opción excelente para organizaciones con una gran madurez de plataforma, restricciones normativas o necesidades operativas multicloud sofisticadas. Pero se trata de un segmento del mercado más reducido de lo que sugería en su día el ciclo de hype.
Lo que está perdiendo popularidad no es Kubernetes como tecnología, sino Kubernetes como estándar incuestionable para las empresas. Esta diferencia es importante. Las empresas se están volviendo más selectivas a la hora de decidir dónde aceptar la complejidad y dónde evitarla. Se inclinan menos por idealizar la infraestructura y están más dispuestas a optar por la simplicidad cuando esta existe.
Probablemente eso sea algo positivo. La función de la arquitectura empresarial no es admirar la tecnología elegante por sí misma. Consiste en alinear las decisiones tecnológicas con las realidades operativas, las restricciones económicas y los resultados empresariales. Según ese criterio, Kubernetes sigue teniendo un lugar, pero ya no goza de un pase libre.
A few years back, Bhaskar Ramachandran read the tea leaves and what he saw was clear: With all the enhancements hyperscalers continuous make, there was no value in having on-premises data centers any longer.
“There is just no way for a private company to match that,” says Ramachandran, global vice president and CIO of paints and coatings manufacturer PPG. “This is their business, and they’re really good at it, and it was clear that the size of the hyperscalers is just going to win over the infrastructure game. So it didn’t make sense for us to keep up with the infrastructure.”
PPG began dismantling its eight global data centers about four years ago, with the final one completed in November 2025. For a 143-year-old company that has gone through 60-some acquisitions, that was no small feat.
Applications and infrastructure became a lot to manage, combined with trying to maintain a strong cybersecurity posture and compliance. “You can’t consistently manage this sort of a footprint, and it becomes really unwieldy very quickly,” Ramachandran says.
Decommissioning a data center is like defusing a complex bomb. Every wire, sequence, and step must be handled with care, because one wrong move can be a blow to your organization in downtime risks, data breaches, or a hit to its bottom line.
“The decommissioning of data centers is underestimated in terms of complexity, financial risks, reputation loss, and data exposure,” according to Gartner. The firm estimates that by 2030, twice as many enterprise data centers will have been decommissioned compared to those built. Reasons include consolidations, obsolescence, and shifting workloads to cloud and colocation services.
In some instances, data centers have cropped up without much forethought. “Most organizations I work with didn’t build a data center intentionally — they grew into one,” says Aaron Walker, CEO of IT consultancy Overbyte, and a former associate partner at IBM Consulting. “A rack in a closet became a row in a repurposed room, and suddenly, you have a facility that was never designed for the job holding years of infrastructure decisions.”
Deconstructing that environment is work that often gets overlooked, says Walker.
He recently consulted with a large, fully remote online school in the throes of this process. The deconstruction work began with a full audit of what systems existed. From there every workload was categorized to determine what gets migrated, what gets moved to cloud-native infrastructure, and what gets retired entirely, he says.
Then came the physical side: decommissioning hardware and deciding what equipment had residual value and what to recycle.
“The timeline pressures are real,” Walker says. “You can’t just power things down. Dependencies surface that nobody documented.”
The IT organizational side had its own challenges. “People have years of institutional knowledge tied to physical systems, and there’s genuine anxiety about dismantling something they built and maintained,” he says.
Walker’s team also ran into issues trying to upgrade systems during the migration, which is generally a mistake, he says. “A data center deconstruction is already a significant change event, and layering additional upgrades on top of it introduces unnecessary risk. In most cases, it is better to separate modernization from migration.”
From start to finish, the deconstruction ran about a year, but timing will vary from project to project, he says.
When the time came for digital marketing agency Helium SEO to consider what to do with its data center, CTO Paul DeMott says the math was simple. “We were paying $12,000 a month toward the colocation fees, hardware support, and the maintenance cost for the physical servers sitting in racks. Cloud infrastructure promised better reliability, automatic scaling, and way less hassle once we were done moving everything.”
The most compelling reason to rid itself of a physical footprint, though, was flexibility. Physical servers equated to capacity planning six months ahead, DeMott says, and if they needed more resources, IT had to wait weeks for hardware to come and get installed.
“Cloud allows resources to be spun up in minutes and shut down at the same speed,” he says. “We went from buying expensive hardware that depreciated to purchasing what we are actually using.”
IT began by creating a list of all the apps running on physical servers and classifying them according to how difficult it would be to move them. “Simple web apps moved first as they barely needed changes,” DeMott says. “Databases and anything which stores data — that’s a little bit later because we’d have had to plan the migration well.”
Some older apps had to be changed to work on the cloud, he adds. The actual move took place over six months, and IT decommissioned the data center while deploying apps to the cloud in tandem, moving the services step by step with backup plans for each one.
Still, the process wasn’t seamless. “Translating 15TB of data to the cloud takes 72 hours on our internet connection, and that was the biggest problem,” DeMott notes. IT ended up using AWS Snowball, a physical hard drive, because it took staff weeks to upload everything, “and [it] ruined the performance in our network.”
Another issue was figuring out the cloud costs, which DeMott characterizes as “brutal. Different types of servers, storage, data transfer costs made it almost impossible to budget,” he says. “Our first month bill accrued at 40% more than we estimated because we forgot about charges for moving data out of the cloud.”
It took IT three months of “fumbling” to get costs below what the company paid for the data center before things stabilized.
Once PPG made the decision to dismantle its data centers and move everything to the cloud, it was time to spread the word internally. “When you say, ‘cloud only,’ it makes it much easier for you to have conversations,” Ramachandran says. “It just sets the entire organization up on a single mission … just those two words make it very, very clear to everybody in the company what that means. There is no room for interpretation.”
The news was revealed at a global town hall, and initially, Ramachandran says, the sentiment was, “this too, shall pass. Then people decided to get on board.”
There were the typical organizational change management issues to deal with. Building momentum takes time, he says, but once the first data center was shut down, people came to the realization that “Okay, we are actually doing this,” Ramachandran says. “Then there was no resistance … everybody got on board, and things started to accelerate.”
Officials ensured that all the training IT needed was made available to them and the company paid for everything, certifications included. “We recognized it in town halls; anybody that went through this training and got the certification. We celebrated people. We promoted people that did the things we wanted them to do,” he says. All of this helped reinforce the mission.
“For the most part, business users didn’t care; their apps were available and they didn’t care where they were,” although there were a couple of exceptions among more technically savvy employees who were concerned about workflow and the security implications of cloud. There was a perception among some that a data center was more secure, Ramachandran says.
That led to looking at publicly available information on all the cybersecurity incidents in the recent past. The research indicated a clear pattern, he says.
“And the pattern is: The more significant cybersecurity events were actually happening to companies” that were largely on-prem environments, Ramachandran observes. “So you came to this point where the cloud actually became lot more secure than on-prem infrastructure.”
There are several reasons why, he maintains, including that, relatively speaking, it is a lot easier to implement security policies consistently in the cloud because “you have a single pane of glass enforcement of policies that you don’t have in an on-prem environment.”
This makes managing your attack surface area more straightforward, Ramachandran says. “So you put all of this together, you package it up on the presentation, and talk to those people one on one, and then say, ‘This is why.’”
PPG works with a single hyperscaler for its business in China and three others. Deciding what apps went where was largely a function of the technology and which hyperscaler “lends itself to that brand of technology versus the other.” In some instances, where a decision of which to use wasn’t clear, IT made the call.
Step one was deciding on an approach, and PPG opted to modernize its apps at the same time as the deconstruction work. “When you pull together the business case to modernize applications, we came to a conclusion that if we do modernization on the application layer and the infrastructure layer at the same time, I would probably be retired by the time we migrated the data center,” Ramachandran says.
That made it easy to decide when to do a lift and shift and when to not bother migrating certain applications, he says. Then IT could focus on other business priorities to modernize the workforce.
“We just adjusted our roadmap to say the new [app] would go straight into the cloud” while not bothering to move older workloads, Ramachandran says.
The next step was “finding the people that are hungry to do something new and probably have a bit of experience and … they are waiting for someone to say, ‘Hey, let’s do this,’” Ramachandran says of the data center deconstruction. “They are forward thinkers. Every organization in our scale has [them]. It’s identifying those people and then … empowering them. They became the leaders in the new infrastructure.”
Once the migration started, it was important to celebrate the wins. That gets more people interested in being a part of the new organization PPG was forming called the Cloud COE (center of excellence).
The biggest mistake companies make is treating deconstruction as a single project instead of a phased operational shift, says Roland Parker, founder and CEO of Impress Computers, a managed IT services and cybersecurity firm in Houston.
“We walked one 200-person manufacturer through moving workloads in priority tiers — production-critical systems last, not first — which kept their floor running while we systematically eliminated physical infrastructure over 14 months,” he says.
However, it’s “the human side [that] kills more timelines than the tech does,” Parker observes. “Field supervisors and plant managers have work-arounds built around how legacy systems behave.” So, before touching a single rack, Parker’s team audits those informal processes, “because if you don’t, you migrate the infrastructure and orphan the people who actually use it.”
Overbyte’s Walker agrees, saying that almost all the snafus his team ran into during the online school deconstruction project were not technical, but came down to visibility. “At some point, you have to confront unknown systems; things with incomplete or outdated documentation,” he says. “We had moments where, after beginning to deprovision systems, stakeholders surfaced saying, ‘Wait, that’s still in use.’”
PPG experienced no disruptions during the dismantling process, Ramachandran says, other than some tactical delays and contracts that needed updating.
“There were some learnings on the network side because networking can get complex,” he says. “Sometimes, we extended the outage windows” to up to five hours, for example. Those were the hiccups.”
From start to finish, the decommissioning process of all eight data centers took about three years. “The end is not migrating all the workloads. The end is actually shutting down the data center,” Ramachandran stresses. This requires deconstructing the power, the cooling, fire systems, and multiple generators used for backup, which had to be removed by helicopter.
“You have to take the diesel fuel out and dispose it off and sell it. We have to get recertification of the building for safety, because this is a building where you had kilowatts of power coming in, which basically [also] went through a deconstruction process,” he says. “So you have to get a safety certification … all of this takes time because we have to give the building back to the building management the way they gave it to us.”
The painstaking data center deconstruction process has given Ramachandran valuable insight. “Make sure your best people spend time creating value for the business, as opposed to babysitting infrastructure,” he says, because infrastructure no longer adds value.
“You also do a lot of inherent risk management by getting rid of data centers and moving to a cloud environment you don’t have to worry about,” he adds. Noting the current state of the economy, Ramachandran says coping with sudden price increases for memory and chips is no longer stressful since they aren’t buying infrastructure.
“You’re basically giving back working capital to the company, because you’re moving the organization from a fixed capital environment to your variable cost model completely,” he says, “and you don’t have to refresh your hardware every four or five years.”
Cost was never the objective for the data center deconstruction, Ramachandran notes. “Nonetheless, when we did the business case, we said it’s not going to cost us any more or any less, but will buy us better security, better flexibility, better agility for the organization,” as well as better focus and technology. “And we achieved all of those.”
The value is in all those other areas. “We are not data center operators. The team is now focused on delivering applications that are meaningful to the business,” Ramachandran says. “The team is much closer than ever to the business because we are not talking infrastructure but how to make the business better.”
Walker says companies should measure twice, cut once. “Most teams want to jump straight into migration,” he says, “but the real work is building a complete inventory and mapping dependencies upfront.”
While it made sense for PPG to modernize some apps at the same time as the data center deconstruction work, Walker advises IT leaders to resist the urge to do everything at once. “Focus on moving what you understand first, and isolate the unknowns early,” he says.
“The success of these projects is usually determined by how well you handle the edge cases, not the easy wins.”
Any new technological development IT can make without interrupting operations dramatically reduces time to market, Ramachandran says.
Working on the latest technologies makes IT happy, and that helps with talent retention, he adds, “because we can say we’re cloud only, so this 143-year-old company looks modern. That is meaningful in so many ways.”
AI는 오늘날 업무 방식과 삶의 방식, 나아가 네트워크 트래픽까지 변화시킬 것이라는 기대를 받고 있다. 흥미롭고 심지어 흥분되는 흐름이지만, 만약 이 모든 것이 과장된 기대에 불과하다면 어떻게 될까. 월가는 AI에 대한 각종 주장에 점점 더 불안감을 드러내고 있으며, 엔비디아는 AI 산업의 중심에 있는 동시에 이러한 우려의 한복판에 서 있다. 현재의 AI 모델이 엔비디아와 같은 AI 기업의 재무 성과까지 포함해 모든 것을 바꿀 수 있을지에 대해서는 여전히 불확실성이 존재한다. 이는 분명한 리스크이며, 리스크에 직면했을 때 필요한 것은 ‘보험’이다. 다만 중요한 것은 적절한 형태의 보험을 선택하는 일이다.
현재 AI 투자 대부분은 클라우드 기반 기술에 집중돼 있다. 실제로 지출의 주체가 클라우드 사업자라는 점을 고려하면 자연스러운 흐름이다. 그러나 많은 투자자들은 이러한 접근 방식 자체가 일종의 ‘하이프’에 불과하다고 보고 있다. 엔비디아는 기존 모델을 공개적으로 부정하지는 않는다. 여전히 주요 수익원이기 때문이다. 대신, 시장의 기대가 붕괴되는 상황에 대비해 다양한 AI 접근 방식을 적극적으로 모색하고 있다. 일부는 작은 시도에 불과하지만, 일부는 대규모 프로젝트로 확장되고 있으며, 이들 모두가 중요한 의미를 갖는다.
엔비디아의 ‘AI 보험 전략’을 보여주는 대표적인 사례는 GPU 드라이버 업데이트 과정에서 확인할 수 있다. 엔비디아는 ‘ChatRTX’를 통해 RTX 30 시리즈 이상 GPU에서 오픈소스 기반 챗봇 LLM을 직접 실행할 수 있도록 지원하고 있다. 사용자는 자신의 데이터와 연동하면서도 완전한 데이터 주권을 유지할 수 있다. 이미 이전부터 존재하던 기능이지만, 최근 들어 이를 적극적으로 부각하고 있다. 이는 대형 클라우드 기반 챗봇에 대한 대안이자, 온프레미스·자체 호스팅 AI의 가능성을 보여주는 사례로 평가된다.
실시간 컴퓨팅 분야도 중요한 축으로 부상하고 있다. 엔비디아는 자사의 AI 도구를 활용해 디지털 트윈을 구축하는 기술을 꾸준히 발전시켜 왔으며, 이를 ‘월드 모델’로 정의하고 있다. 이 기술은 물리적 시스템을 모델링하고, 애플리케이션이 실제 환경의 실시간 프로세스를 제어할 수 있도록 지원한다. 지난 3월에는 기계 팔, 차량, 휴머노이드 로봇 등 다양한 형태의 로봇과 AI, 월드 모델을 결합하는 대규모 이니셔티브를 발표했다.
이러한 최신 전략에서 핵심은 ‘인지(perception)’ 기술이다. 이는 센서와 영상 데이터를 통해 현실 세계의 상태를 분석하고, 이를 제어 대상 프로세스를 반영하는 월드 모델에 반영하는 능력을 의미한다. 월드 모델을 현실과 지속적으로 동기화하는 것은 자율 시스템에서 가장 중요한 요소로 꼽힌다. 시스템 간 충돌이나 시설, 사람과의 사고를 방지하고, 의도한 대로 정확히 작동하도록 만드는 핵심 기반이기 때문이다.
이는 막대한 수익 기회를 창출할 수 있는 영역이다. 향후 시장 규모는 지난 70년간 IT 투자를 정당화해온 모든 비즈니스 사례를 합친 수준에 이를 수 있다는 평가도 나온다. 다만 기술 성숙까지는 시간이 필요하다. 현재 자율 시스템 기반 월드 모델을 실제 프로젝트에 활용 중인 기업은 20% 미만에 불과하다. 업계에서는 엔비디아를 비롯한 주요 AI 기업들이 이 시장을 2028년 전후의 핵심 성장 동력으로 보고 있는 것으로 분석한다.
2028년 전망이 다소 먼 이야기처럼 느껴진다면, 그보다 더 장기적인 기술이 있다. 바로 양자 컴퓨팅이다. 이미 일부 시스템은 존재하지만, 기업 환경에서 실제로 활용되는 사례는 사실상 없다. 최근에는 양자 컴퓨팅이 과거 기대와 달리 무한 확장이 어렵다는 분석도 제기됐다. 그럼에도 불구하고 잠재력은 여전히 막대하다. 이론적으로는 적절한 서버 수준의 장비만으로도 슈퍼컴퓨터에 맞먹는 성능을 구현할 수 있지만, 그 시점이 언제가 될지는 아직 불확실하다. 이에 엔비디아는 시장 성숙을 기다리기보다 선제 대응에 나서고 있다.
현재 양자 애플리케이션을 검증하는 유일한 방법은 시뮬레이션이며, GPU는 이를 위한 최적의 플랫폼으로 평가된다. 엔비디아는 CUDA-Q 플랫폼과 cuQuantum 라이브러리를 통해 시뮬레이션을 지원하고, NVQlink와 DGX Quantum을 통해 양자 시스템과 GPU 서버를 저지연으로 연결하는 구조를 구축하고 있다. 또한 ‘엔비디아 가속 양자 컴퓨팅 연구센터’를 통해 연구기관과 기업 간 협력 생태계 조성에도 나섰다. 이 모든 기술은 엔비디아의 양자 클라우드를 통해 초기 접근 형태로 제공되고 있다.
실시간 컴퓨팅과 양자 컴퓨팅이 주목을 받고 있지만, 전략적으로 가장 중요한 요소는 개인용 챗봇과 같은 소형 AI 솔루션이라는 분석도 나온다. AI 월드 모델과 양자 컴퓨팅이 장기적으로 효과를 발휘하는 ‘미래형 보험’이라면, 개인용 챗봇은 현재와 미래를 연결하는 현실적인 대안이다. 즉, 단순한 기대감이 아닌 실질적인 ‘AI 보험’ 역할을 수행할 수 있다는 의미다.
엔비디아 투자자가 아니라면 이러한 흐름이 왜 중요한지 의문이 들 수 있다. 그러나 핵심은 AI 열풍 이면에서 실제 비즈니스 가치를 만들어내는 기반이 구축되고 있다는 점이다. 현재도 기업 환경에서 활용 가능한 실질적 가치가 일부 입증되고 있지만, 본격적인 성과가 나타나기까지는 상당한 시간이 필요하다. 이 과정에서 AI에 대한 기대감은 시장의 관심을 유지하는 역할을 한다는 것이 업계의 시각이다.
결국 과제는 명확하다. 시장의 관심이 다른 곳에 쏠린 상황에서, 상대적으로 주목받지 못하는 AI 비즈니스 영역에 대한 관심을 끌어낼 수 있느냐다. 엔비디아가 이를 성공적으로 수행할 수 있을지 여부는 향후 AI 전환의 속도와 범위를 결정짓는 핵심 변수로 작용할 전망이다. ‘보험’도 중요하지만, 궁극적으로는 지속 가능한 성장 기반을 확보하는 것이 더 중요하다는 점을 시사한다.
dl-ciokorea@foundryco.com
The goal of ITIL is for organizations to create predictable IT environments, and deliver the best service possible to customers and clients by streamlining processes and identifying opportunities to improve efficiency.
ITIL has always focused on integrating IT into the business — something that’s become increasingly important as technology becomes vital to every business unit. ITIL 4, the latest iteration of the ITIL framework, maintains the original focus with a stronger emphasis on fostering an agile and flexible IT department. And as organizations embrace AI, using the principles outlined in the ITIL 4 framework can allow for better service optimization and free up employees to focus on higher-priority tasks and IT projects.
AI is transformative technology, and it can help support the service management practices outlined in ITIL 4. It’s technology that’s already been deployed in ITSM environments to support the IT service desk, especially through features such as chat bots, automated ticketing systems, and continuous threat monitoring. AI also has the potential to help alleviate some human error that can occur with IT service management, supporting IT departments by increasing automation.
Integrating AI into the ITIL 4 framework can also alleviate repetitive work for IT employees by enabling the automation of routine processes, which can reduce the time it takes to resolve tickets and solve IT issues. Other areas for automation include ticket logging, ticket prioritization, generating automated replies to inquiries, incident routing, and identifying key data points for continuous service improvement. AI-driven chatbots can help organizations handle simple inquiries that would normally clog up ticketing systems, keeping them clear for higher-priority tickets.
Alongside ITIL 4 principles, AI can be integrated to support several different areas of service management including:
ITIL 4 contains seven guiding principles that were adopted from the most recent ITIL Practitioner Exam, which covers organizational change management, communication, and measurement and metrics. These principles include:
ITIL 4 focuses on company culture and integrating IT into the overall business structure. It encourages collaboration between IT and other departments, especially as other business units increasingly rely on technology to get work done. There’s also a strong emphasis on customer feedback since it’s easier than ever for businesses to understand their public perception, as well as customer satisfaction and dissatisfaction.
For more information on the benefits of the latest version of ITIL, see “ITIL 4: ITSM gets agile.”
ITIL is a collection of e-books, but merely going on a reading binge won’t improve your IT operations. To effectively implement ITIL, you need to have everyone on board to adopt new procedures and best practices. Consider what type of consulting, training, and certifications you might want to take advantage of to prepare for the transition as well.
And before implementing ITIL at your organizations, there are several questions you should answer, such as what problems your organization is trying to solve and what’s your route to continual service improvement.
For a deeper look at putting ITIL into practice, see “7 questions to ask before implementing ITIL” and “How to get started with ITIL.”
The ITIL 4 certification scheme includes the ITIL Foundation and the ITIL Master exams. After passing the ITIL Foundation exam, the certification scheme splits into two paths with the option of the ITIL Managing Professional (MP) or ITIL Strategic Leader (SL) certifications, each of which has its own modules and exams. Those who complete both paths qualify for the ITIL Master designation, which is the highest level of certification offered.
The MP exam is designed for IT practitioners involved with technology and digital teams throughout the organization, not just in the IT department. This path will teach professionals everything they need to know about running successful IT projects, teams, and workflows.
Modules include:
The SL exam is designed for those who deal with all digitally enabled services, and not just those that fall under IT operations. This path focuses on how technology directs business strategy and how IT plays into that.
Modules include:
For an in-depth look at ITIL certification, see “ITIL certification guide: Costs, requirements, levels, and paths.”
A well-run IT organization that manages risk and keeps the infrastructure humming not only saves money but also enables everyone in the organization to do their jobs more effectively. For example, brokerage firm Pershing reduced its incident response time by 50% in the first year after restructuring its service desk according to ITIL guidelines, enabling users with problems to get back to work much quicker.
ITIL provides a systematic and professional approach to the management of IT service provision, and offers benefits including reduced costs and improvements to productivity, use of skills and experience, IT services using proven best practices, delivery of third-party services, and customer satisfaction through a more professional approach to service delivery. According to PeopleCert, ITIL can also help businesses improve services by helping businesses manage risk, disruption, and failure; strengthening customer relations by delivering efficient services that meet their needs; establishing cost-effective practices; and building a stable environment that still allows for growth, scale, and change.
For a deeper look at how to get the most from ITIL, see “6 tips for ITIL implementation success.”
Getting started involves the purchase of the ITIL either as hardcopy, PDF, ePub, or through an online subscription directly from PeopleCert. Then there’s the cost of training, which fluctuates each year.
The course leading to the initial Foundation Certificate typically runs for two days, and courses leading to higher certifications can be a week or more. And add to that the inevitable cost of re-engineering some processes to comply with ITIL guidelines, and adjustment of help desk or other software to capture the information you need for tracking and generating metrics.
Corporations and public sector organizations that have successfully implemented ITIL best practices report huge savings.
For example, in its Benefits of ITIL paper, Pink Elephant reports that Procter & Gamble saved about $500 million over four years by reducing help desk calls and improving operating procedures. Nationwide Insurance achieved a 40% reduction in system outages and estimates a $4.3 million ROI over three years, and Capital One reduced its business-critical incidents by 92% over two years.
Without buy-in and cooperation from IT staff, however, any implementation is bound to fail. Bringing best practices into an organization is as much a PR job as it is a technical exercise. And it’s impossible to plan for every failure, event, or incident so it’s not an exact science. You won’t know the exact ROI on ITIL until you implement it within your organization and use it effectively. Ultimately, since ITIL is a framework, it can only be as successful as corporate buy-in allows. But embracing certifications, training, and investing in the shift will help increase the chances of success and savings.
More on ITIL and ITSM:
Citius, Altius, Fortius. More than a slogan, “Faster, Higher, Stronger Together” is a phrase etched in the minds of many IT decision-makers. Technology is essential. Nobody wants to fall behind. Doing so could mean losing out on many advantages and, consequently, significant business.
Therefore, it’s not surprising that Gartner forecasts global IT spending to reach $6.31 trillion this year, a 13.5% increase compared to 2025 — and nearly 3% more than Gartner forecasted in February, at 10.8% growth.
A sustained push in AI infrastructure, software, and IaaS is key to this growth, according to the research firm. “These shifts are reinforcing a multi‑speed IT market, with hyperscaler purchases and AI‑centric software segments significantly outperforming more traditional categories,” Gartner reported in a statement.
John-David Lovelock, analyst and distinguished vice president at Gartner, underscored that accelerated momentum in AI infrastructure and advanced memory played a significant role in the firm’s growth revision.
“As AI workloads scale, data center investment is ramping rapidly, which in turn is driving increased demand for high‑performance compute,” Lovelock said in the statement. “This dynamic is creating meaningful growth opportunities for companies delivering AI‑optimized processors, accelerators, and enabling technologies.”
What will grow the most? Spending on data center systems, at 55.8%, to exceed $787 million in 2026.
Supply constraints and strong demand have also resulted in record price increases for high-bandwidth memory, according to Lovelock, as hyperscaler demand drives sharp increases in investments in servers. “These trends collectively make AI infrastructure the most attractive segment for capitalizing on the robust expansion in IT spending,” he said.
Those same higher memory prices are impacting device replacement cycles, according to the firm. Device spending is growing, to be sure, but at a lower rate (8.2%) than the IT sector overall.
“Together, these dynamics highlight a widening divergence across IT markets, as AI infrastructure and GenAI software see substantial upward revisions while device growth reflects ongoing cost and pricing pressures,” Lovelock noted.
하이퍼스케일러와 기타 데이터센터 운영사에 제공되는 세제 혜택이 지방정부에 수십억 달러 규모의 부담을 안기고 있다. 비영리 단체 굿잡스퍼스트(Good Jobs First)가 공개한 보고서에 따르면, 미국에서는 이미 3개 주가 10억 달러(약 1조 4,700억 원) 이상의 잠재 세수를 포기하고 있으며, 14개 주는 데이터센터 보조금이 납세자에게 어떤 비용 부담을 주는지조차 공개하지 않고 있다.
굿잡스퍼스트는 이 같은 세금 감면 미공개가 미국 일반회계원칙(GAAP)에 위배된다고 지적했다. 특히 2017년 이후부터는 이러한 세제 혜택을 ‘손실된 세수’로 보고해야 한다고 강조했다.
굿잡스퍼스트는 “대규모 인공지능(AI) 시설이 등장하기 이전, 훨씬 작은 규모의 데이터센터를 기준으로 만들어진 세금 감면 법안이 현재는 예상치 못한 수준의 세수 손실을 초래하고 있다”며 “조지아, 버지니아, 텍사스 등 3개 주는 이미 연간 10억 달러 이상의 세수를 잃고 있다”고 밝혔다.
납세자 입장에서는 기업에 제공되는 과도한 세제 혜택과 이에 따른 세수 감소에 불만이 커질 수 있지만, 데이터센터 운영을 추진하는 기업에는 오히려 유리한 환경이 조성되고 있다. 다양한 인센티브와 우호적인 조건이 제공되면서 혜택을 적극적으로 활용할 수 있기 때문이다.
글로벌 컨설팅 기업 PwC는 기업들이 데이터센터 관련 다양한 세금 감면 제도를 통해 실질적인 비용 절감 효과를 얻을 수 있다고 분석했다.
미국 외 국가들도 데이터센터 유치를 위해 유사한 재정 지원을 제공하고 있다. 영국은 에너지 절감 기술에 대해 100% 세액 공제를 지원하고 있으며, 브라질 역시 데이터센터 운영에 일정 수준의 세제 혜택을 제공하고 있다.
dl-ciokorea@foundryco.com
Tax benefits for hyperscalers and other data center operators are costing local administrations billions of dollars. In the US, three states are already giving away more than $1 billion in potential tax revenue, while 14 are failing to declare how much data center subsidies are costing taxpayers, according to Good Jobs First.
The campaign group said the failure to declare the tax subsidies goes against US Generally Accepted Accounting Principles (GAAP) and that they should, since 2017, be declared as lost revenue.
“Tax-abatement laws written long ago for much smaller data centers, predating massive artificial intelligence (AI) facilities, are now unexpectedly costing governments billions of dollars in lost tax revenue,” Good Jobs First said. “Three states, Georgia, Virginia, and Texas, already lose $1 billion or more per year,” it reported in its new study, “Data Center Tax Abatements: Why States and Localities Must Disclose These Soaring Revenue Losses.”
While taxpayers may be aggrieved at the tax advantages being dished out to these corporations and the loss of revenue, enterprises looking to run data centers are being offered a lot of favorable terms and are in a good position to benefit from the incentives. Management consultant PWC has pointed out that companies can reap the rewards of a variety of tax breaks for data centers.
Outside the US, other countries are happy to provide financial breaks to data center operators too: the UK can offer 100% tax relief on energy saving technology while Brazil also provides an element of relief for the operation of data centers.
This article first appeared on Network World.
양자 컴퓨팅 기업들의 발표는 이른바 ‘Q-데이(Q-day)’ 도래 시점을 점점 앞당기고 있다. Q-데이는 양자 컴퓨터가 일반적인 비즈니스 애플리케이션에 활용될 만큼 강력해지거나, 기존 암호화 표준을 무력화할 수 있는 시점을 의미한다. 시장조사기관 포레스터의 최신 전망에 따르면 그 시점은 2030년경이 될 가능성이 크다.포레스터의 애널리스트 브라이언 홉킨스는 보고서에서 “양자 컴퓨팅 산업은 2025년에 변곡점을 넘어섰다”라며 “벤더가 이론적 오류 내성 아키텍처를 넘어 초기 엔지니어링 현실 단계로 이동했다”라고 분석했다.
예를 들어 IBM은 2029년까지 오류 내성 양자 컴퓨팅을 달성하겠다는 로드맵을 제시했다. 홉킨스는 “불과 몇 년 전만 해도 비현실적으로 치부됐을 목표”라고 평가했다.
글로벌 사이버 보안 교육 기관 ISC2의 CISO 존 프랑스는 “양자 컴퓨팅은 기존 암호화 방식에 대한 명확하고도 현실적인 위협”이라고 진단했다.
기업이 양자 컴퓨팅에 대비하는 방법은 크게 두 가지다. 첫 번째이자 가장 시급한 과제는 핵심 기밀을 보호하는 일이다. 국가 단위 행위자와 기타 위협 주체가 이미 암호화된 정보를 수집해 두었다가, 향후 양자 컴퓨터로 이를 해독하려 할 가능성이 높다는 분석이다. 이를 방어하려면 온라인 통신에 주로 사용되는 비대칭 암호보다 상대적으로 해독이 어려운 대칭 암호와, 양자 안전 비대칭 암호 알고리즘을 병행 적용해야 한다. 프랑스는 “이상적으로는 지금 당장 양자 복원력이 있는 알고리즘을 사용해야 한다”라며 “이미 많은 조직이 그렇게 하고 있다”라고 설명했다.
두 번째는 양자 컴퓨팅 도입 시 실질적 이점을 얻을 수 있는 기업이 관련 역량을 선제적으로 확보하는 일이다. 복잡한 금융, 물류, 과학 문제를 다루는 기업이라면 양자 기술을 통해 경쟁력을 강화할 수 있다. 단순히 암호화를 보완하는 것만으로는 충분하지 않으며, 인증 체계 등 보안 전반에 대한 재검토도 필요하다는 지적이 나온다.
다행히 양자 물리학 박사 학위가 여러 개 없어도 기술을 활용할 수 있는 환경이 조성되고 있다. 주요 벤더가 일반 사용자도 접근할 수 있도록 플랫폼을 고도화하고 있기 때문이다. 다만 기본적인 이해를 갖추는 일은 여전히 중요하다.
ISC2는 이러한 수요에 맞춰 최근 사이버 보안 관점에서 양자 컴퓨팅을 다루는 속성 입문 과정을 개설했다. 30분 분량의 온라인 프로그램으로, 수강료는 23달러이며 ISC2 회원은 19달러에 수강할 수 있다. 별도의 선수 요건은 없다.
ISC2의 학습 경험 담당 부디렉터 존 더건은 “이 과정은 주제를 빠르게 이해할 수 있는 기초를 제공하는 데 목적이 있다”라며 “수강생이 양자 컴퓨터를 직접 설계하는 수준까지 다루는 것은 아니지만, 최신 흐름을 따라가면서 보수 교육 학점을 취득할 수 있도록 설계됐다”라고 전했다.프랑스는 향후 양자 관련 과정을 추가로 확대할 계획이라고 밝혔다. 프랑스는 “양자 분야는 변화 속도가 매우 빠르기 때문에 익스프레스 학습 형태로 지속적으로 다룰 예정”이라고 언급했다.
암호화 대응이 가장 많은 기업에 시급한 과제라면, 일부 기업은 이미 양자 컴퓨팅 분야 인재 채용에 나서고 있다. 인재 채용 전문 기업 CNA 서치(CNA Search)의 설립자이자 수석 리크루터 제이슨 크레인은 방산업체, 국립 연구소, 금융 서비스 기업이 대표적이라고 소개했다. 크레인은 “JP모건, 골드만삭스, 여러 헤지펀드가 활발한 양자 연구팀을 운영하고 있다”라며 “대규모 채용 단계는 아니지만, 현재 존재하는 직무의 보상 수준은 매우 높은 편”이라고 설명했다.
다만 양자 인재를 둘러싼 병목 현상도 이미 나타나고 있다. 크레인은 기업이 필요한 인재를 찾고 검증하는 데 어려움을 겪고 있다고 전했다. 대다수 고용주는 물리학, 수학, 암호학, 소프트웨어 엔지니어링 분야의 전문성을 갖춘 학문적 배경을 중시한다. 크레인은 “그 다음으로는 실제 도구와 프레임워크를 활용한 경험을 확인하려 한다”라고 설명했다.
잠재력을 보고 인재를 선발해 내부에서 육성하는 기업도 있다. 크레인은 “현재 클라우드나 사이버 보안 분야처럼 명확한 양자 인증 체계는 아직 없다”라며 “양자 분야로 전환하려는 인재는 벤더 교육, 온라인 강좌, 주요 기업이 공개한 클라우드 환경에서의 실습을 조합해 준비하고 있다”라고 전했다. 이어 “상당 부분은 직접 해보며 배우는 방식”이라고 표현했다.크레인은 구직자에게 양자 역량은 장기적인 투자에 가깝다고 조언했다. 다만 선제적으로 진입할 수 있는 기회가 열려 있다고 봤다. 크레인은 “2010년에 AWS를 배우는 것과 비슷하다”라며 “당시에는 필요성이 크지 않았지만 지금은 모두가 필요로 한다. 초기에 뛰어든 사람은 후회하지 않았다”라고 분석했다.
이제 가격, 경험 수준, 학습 기간별로 살펴본 주요 온라인 양자 컴퓨팅 및 사이버 보안 교육 과정을 소개한다.
• 과정명: Introduction to Quantum Computing Express Course
• 가격: 비회원 23달러, ISC2 회원 19달러
• 기간 및 방식: 30분, 주문형(on-demand) 자율 학습 과정으로 오디오 및 텍스트 기반 콘텐츠와 이해도 점검 문제 포함
• 선수 요건: 없음
• 이수 혜택: 디지털 수료증, ISC2 자격에 자동 보고되는 그룹 A CPE 0.5학점
• 대상: 신기술과 전략적 보안 이슈에 대한 이해를 넓히려는 사이버 보안 전문가
• 학습 내용: 양자 컴퓨팅의 작동 원리와 기술 발전 방향, 그리고 조직이 양자 시대의 위협에 대비하기 위해 취해야 할 조치를 실무 중심으로 개괄
• 과정명: 공인 양자 보안 전문가(CQSP)
• 가격: 자격 시험만 299달러, 자격·교육·재시험 1회 포함 700달러
• 기간 및 방식: 16시간 과정으로 온·오프사이트 워크숍 형태, 문서 키트 제공, 팀 교육 및 경영진 대상 프레젠테이션 포함
• 선수 요건: 16시간 CQSP 워크숍 이수 또는 시험 블루프린트 주제를 다루는 최소 16시간 이상의 동등한 공식 교육 이수 권장(사이버 보안 전문가 대상)
• 이수 혜택: CQSP 수료증
• 대상: 양자 컴퓨팅 시대를 준비하는 보안 리더, 아키텍트, 컴플라이언스 담당자
• 학습 내용: 양자 안전 암호, 위험 평가, NIST·ISO·ETSI 표준과의 정렬 방안 등 조직의 양자 대응 전략을 주도할 수 있도록 하는 실무 중심 교육
• 과정명: 공인 양자 사이버 보안 분석가(CQCA)
• 가격: 2,199달러
• 기간 및 방식: 2일 과정으로 강의, 실습, 실제 사례 연구를 병행
• 선수 요건: 사이버 보안 개념과 암호 기술에 대한 기본 이해
• 이수 혜택: 전체 시험 점수 70% 이상 및 각 영역별 최소 기준 점수 충족 시 토넥스 CQCA 수료증 부여
• 대상: 사이버 보안 전문가, IT 관리자, 시스템 아키텍트, 보안 솔루션 설계·구현·운영에 관여하는 담당자
• 학습 내용: 양자 컴퓨팅의 기초와 사이버 보안에 대한 영향, 고급 암호 기술, 양자 저항 알고리즘, 양자 키 분배(QKD) 프로토콜
토넥스는 이와 함께 ‘공인 양자 및 포스트 양자 암호 전문가(QPQCP)’ 자격 프로그램도 운영하고 있다.
• 과정명: Practical Introduction to Quantum-Safe Cryptography
• 가격: 무료
• 기간 및 방식: 자율형 온라인 과정으로, 멀티모달 강의와 인터랙티브 실시간 코드 예제 제공
• 선수 요건: 별도 명시 없음, 개발자 대상 설계
• 이수 혜택: 온라인 단기 시험 통과 시 크레들리(Credly)를 통한 IBM 디지털 배지 발급
• 대상: 포스트 양자 시대에 맞춰 애플리케이션 보안을 현대화하려는 개발자
• 학습 내용: 암호학적 해시 함수, 대칭·비대칭 키 암호, 양자 안전 암호의 개념과 함께 진화하는 사이버 보안 위협 환경, 그리고 양자 시대에 적용 가능한 최신 대응 방식
IBM은 이와 함께 200달러에 ‘IBM Certified Quantum Computation using Qiskit v2.X Developer – Associate’ 수료 프로그램을 제공한다. 또한 시험 준비를 지원하기 위해 무료 강좌 5개로 구성된 ‘Understanding Quantum Information and Computation’ 시리즈도 운영하고 있다.
• 과정명: Azure Quantum Learning Path
• 가격: 무료
• 기간 및 방식: 마이크로소프트 런(Microsoft Learn)을 통해 제공되는 6개 자율형 온라인 인터랙티브 모듈(총 약 3시간)과 Q# 프로그래밍 튜토리얼 ‘Quantum Katas’ 포함
• 선수 요건: 애저 생태계와 선형대수에 대한 기본 지식, 비주얼 스튜디오 코드 사용 경험
• 이수 혜택: Microsoft Learn 수료 배지
• 대상: MS 도구를 활용해 양자 프로그래밍을 직접 실습하려는 개발자 및 기술 전문가
• 학습 내용: 양자 컴퓨팅 기초, Quantum Development Kit 및 Q#을 활용한 프로그램 개발 방법, Azure Quantum 리소스 추정기를 통한 물리적 자원 요구량 산정 방법
• 과정명: Skill Builder: Amazon Braket Learning Plan
• 가격: 무료
• 기간 및 방식: AWS 스킬 빌더에서 제공하는 2개 자율형 온라인 과정으로, 60분 입문 과정과 90분 양자 애플리케이션 개발 과정으로 구성
• 선수 요건: 별도 명시 없음, AWS 서비스에 대한 기본 이해 권장
• 이수 혜택: 50문항 온라인 평가에서 80% 이상 획득 시 Amazon Braket 디지털 배지 발급
• 대상: 양자 컴퓨팅 개발자, 교육자, 일반 관심자, 브라켓을 수업에 활용하는 강사
• 학습 내용: Amazon Braket의 기본 개념, 양자 컴퓨터 프로그래밍과 잠재적 활용 사례 탐색, AWS 도구를 활용한 하이브리드 양자-고전 알고리즘 실행 방법
• 과정명: Quantum Computing Fundamentals
• 가격: 2개 과정 패키지 2,500달러
• 기간 및 방식: 각 4주 과정 2개로 구성되며, 주당 4~6시간 학습 분량. 영상 강의, 시뮬레이션, 사례 연구, 라이브 웨비나를 포함한 100% 온라인 과정
• 선수 요건: 선형대수 기초 지식
• 이수 혜택: MIT 전문 수료증 및 4.0 평생교육학점(CEU)
• 대상: 양자 컴퓨팅이 비즈니스와 기술에 미치는 영향을 이해해야 하는 기업·정부·기술 분야 전문가 및 리더
• 학습 내용: 사이버 보안, 화학, 최적화 분야에서 양자 알고리즘이 기존 알고리즘을 능가하는 방식, 양자 시스템의 공학적 요구사항, IBM Q 경험을 활용한 실습 중심의 비즈니스 적용 사례
• 과정명: Quantum Computing for Everyone
• 가격: 청강 무료, 수료증 과정 398달러(현재 358달러로 할인 중)
• 기간 및 방식: 약 3개월, 주당 3~5시간, 자율형 온라인 과정
• 선수 요건: 프로그래밍 경험과 기초 대수 지식, 물리학 배경은 필요 없음
• 이수 혜택: 시카고대학교 edX 전문 수료증
• 대상: 고급 수학 지식 없이도 양자 컴퓨팅이 기업, 정부, 사회에 미칠 영향을 이해하려는 학습자
• 학습 내용: 양자 컴퓨팅의 물리학적 기초, 산업과 사회에 대한 영향, 구체적 활용 사례 식별 방법, 1·2큐비트 연산을 활용한 기초 양자 소프트웨어 구현
• 과정명: Quantum 101: Quantum Computing & Quantum Internet
• 가격: 청강 무료, 인증 전문 수료증 370달러(현재 333달러로 할인 중)
• 기간 및 방식: 2개 과정, 3개월, 주당 6~8시간, 자율형 온라인
• 선수 요건: 기초 물리·수학 지식이 있으면 도움이 되며, 고급 학위는 필요 없음
• 이수 혜택: 델프트 공과대학교 edX 전문 수료증
• 대상: 공학, 화학, 컴퓨터 과학, 물리학 등 다양한 분야에서 양자 기술 심화 학습이나 경력 확장을 준비하는 학생 및 전문가
• 학습 내용: 양자 컴퓨터와 양자 인터넷의 물리적 구현 및 제어 방식, 양자 알고리즘, 오류 수정, 컴파일러와 프로그래밍 언어, 양자 네트워킹과 안전한 양자 통신의 원리
• 과정명: Introduction to Post-Quantum Cryptography
• 가격: 청강 무료, 인증서 249달러(현재 212달러로 할인 중)
• 기간 및 방식: 6주 온라인 과정으로 강의와 실습 병행
• 선수 요건: STEM 입문 학습자 대상, 고급 배경 지식 불필요
• 이수 혜택: UMBC edX 인증 수료증
• 대상: 양자 컴퓨팅 위협에 대응하려는 사이버 보안 전공 학생 및 실무자
• 학습 내용: 양자 안전 암호의 이론과 실제 문제 해결을 포함한 몰입형 입문 과정. NIST 포스트 양자 암호(PQC) 표준인 카이버(Kyber)와 딜리시움(Dilithium)을 활용한 실습 포함
• 과정명: Quantum Computing for Cybersecurity Graduate Certificate
• 가격: 7,197달러
• 기간 및 방식: 12학점, 온라인 제공
• 선수 요건: STEM 분야 종사자 또는 최근 졸업자, 대학원 입학 요건 충족 필요
• 이수 혜택: 다코타주립대학교 대학원 수료증
• 대상: 포스트 양자 암호와 양자 암호학을 포함해 양자 컴퓨팅이 사이버 보안에 미치는 영향을 심층적으로 학습하려는 STEM 전문가
• 학습 내용: 양자 공격에 견딜 수 있는 암호 솔루션을 분석·설계하는 방법과 함께 공격·방어 전략 전반을 포괄
• 과정명: Quantum Computing Graduate Certificate
• 가격: 약 1만 1,000달러
• 기간 및 방식: 4개 과목, 12학점, 비동기식 100% 온라인 과정으로 2개 학기 이상에 걸쳐 이수하도록 설계
• 선수 요건: STEM 분야 종사자 또는 최근 졸업자, 대학원 입학 요건 충족 필요
• 이수 혜택: 로드아일랜드대학교 대학원 수료증
• 대상: 양자 산업 분야 진출을 준비하는 STEM 전문가 및 졸업자
• 학습 내용: 양자 컴퓨팅 기초 이론, IBM 키스킷(Qiskit) SDK를 활용한 양자 알고리즘 설계 및 적용 역량, 양자 센싱, 텔레포테이션, 암호, 회로, 통신에 대한 전반적 이해
dl-ciokorea@foundryco.com
The rise of AI has created significant challenges for modern data center infrastructure in terms of power management. Traditional enterprise racks that once consumed an average of 7-10 kW, require close to 30-100 kW today. This significant increase in computational requirements has revealed a fundamental bottleneck: The traditional infrastructure isn’t enough to sustain AI growth.
However, AI can also prove to be a savior: By embedding it into hardware design and automated construction workflows, data centers can evolve into intelligent, adaptive systems instead of the passive hubs that they are.
Due to the rapid development of AI models, a significant innovation is required to reshape hardware design into a streamlined AI-driven innovation cycle. This is required at the microarchitecture design and macro-level system management.
Modern-day AI accelerator chips integrate chiplets, high bandwidth memory (HBM) stacks and dense interconnect structures; hence, manual design isn’t scalable. AI-driven EDA tools are essentially the future.
AI-driven EDA tools can be pivotal in multiple avenues. In one such instance, Google has shown that something as complex as chip floorplanning can be done in hours that rival or surpass human efforts in terms of quality. These optimizations can reduce parasitic energy losses and prevent thermal hotspots in the physical design (PD).
AI models can also be used to evaluate thousands of multi-die configurations to predict hotspots, “through silicon via” (TSV) density issues and power-delivery constraints. This enables far more thermally balanced 2.5D/3D layouts than traditional heuristics.
Apart from PD floorplanning and prevention of hotspots, verification is another avenue where AI-driven EDA can be useful. Verification is significantly important because it consumes up to 70% of chip development time. AI tools such as Synopsys ML verification and Cadence Cerberus will prove to be useful tools to reduce this development time. Once the development time of a chip is reduced, meeting the growing performance needs of AI models will be feasible.
Another avenue where AI can be useful is reducing the power consumption in frontend design. Researchers have successfully demonstrated that ML-driven dynamic voltage frequency scaling (DVFS) strategies reduce the power without significant performance loss. AI can also be used to predict power consumption of the RTL design and post-layout snapshot in seconds, allowing designers to iterate rapidly.
Since modern AI chips generate vast amounts of heat, which can lead to hardware failure, modern AI chips require algorithms that can analyze data from multiple thermal sensors. AI algorithms can play pivotal roles here. Modern datacenters have used AI to reduce energy consumption in facilities, achieving significant amounts of energy savings. These AI-driven systems improve hardware longevity and reliability while significantly reducing operational costs.
AI can also be used to analyze the operational data and identify energy-intensive processes. It also then goes on to allocate computational tasks to efficient resources. This leads to less idle time and hence avoids power waste.
This creates a “self-sustainable cycle”: Power-optimized hardware enables the training of even more powerful AI models, which in turn are used to design the next generation of hardware.
To meet the demand for “speed-to-market,” AI can be integrated into procurement and design phases of data centers. These segments were historically slowed by manual reviews and complex specifications, something that AI can help with.
AI tools can be particularly useful in automating tasks that otherwise require a substantial amount of manual work. For example, LLM-based assistants trained on design standards and Request for Information (RFI) history can now respond to vendor queries in minutes – a task that would have taken a control engineer 2 to 4 hours. Similarly, machine learning systems can be used to extract control point requirements (temperature setpoints and pressure limits, for example) from 100% design drawings. This can help reduce human errors while transitioning from blueprint to physical installation.
In addition to identifying control requirements, generative AI tools can organize information scattered across multiple documents and convert it into structured outputs. For example, AI can automatically generate equipment schedules that list all major components, their capacities, control parameters and operating limits. Activities that once took design teams several weeks—such as cross-checking documents, extracting control data and preparing schedules—can potentially be completed in hours.
The commissioning process of the datacenter spans across five levels: Originating with factory tests and ending with integrated system testing. This is a final hurdle before the data center goes live in operation. Consequently, it’s a key step in the process, but can become tedious as it requires validating complex interconnected electrical and mechanical systems to ensure zero-downtime reliability, often under tight timelines. AI scripts can be helpful in reducing the burden here by automatically checking software configurations and interconnected systems to reduce rework during final testing. Generative AI can also be used to simulate system behavior under various operating conditions before physical commissioning can start. This allows the system to achieve optimal performance upon handover.
AI can also be used to make the management of data centers predictive and proactive instead of reactive. For example, AI can be used to predict the maintenance schedule. This is possible after the initial model is trained on vibration and voltage sensors. After that, the AI model can forecast failures. This will lead to an increase in reliability and a reduction in unplanned downtime.
Similarly, AI can also be used to place high-intensity workloads in cooler areas of a datacenter, preventing “thermal hotspots”. This will reduce the energy required for cooling.
Since security is of paramount importance in data centers, AI can also be used to enhance physical and digital defense by tracing network anomalies, such as suspicious traffic patterns or unauthorized access attempts. This will lead to the neutralization of threats in real-time, instead of reacting to the threats.
Traditionally, enterprise servers had a lifecycle of 3-5 years. Now, with AI models being developed rapidly, AI hardware is being refreshed in 12-18 months. This is leading to large amounts of “embodied carbon waste”, which isn’t environmentally sustainable.
Consequently, hardware and infrastructure engineers need to pivot to a circular hardware economy framework, where hardware is an “evolving asset”.
At the hardware level, modularity is paramount, so that operators can upgrade to high-performance accelerators while retaining the chassis, power delivery units and cooling manifolds. This will significantly reduce the embodied carbon waste during raw material extraction and fabrication of the non-compute components.
To further solve this issue, AI can be used to decommission the hardware. Intelligent AI systems can analyze the telemetry data points from the server rack’s operational history to predict the remaining useful life of the chip or components around it (such as power delivery units or cooling manifolds). Healthy units can then be redeployed to “edge” data centers for less intense inference tasks, whereas failing units can be routed to specialized facilities for recovery of important materials.
This way, we can address the AI paradox: Use AI to mitigate the environmental footprint of the machines. This ensures that the next generation of infrastructure is not produced for better speed and performance, but is also sustainable.
With the exponential growth of performance-critical AI models, AI has become a foundational requirement for datacenter infrastructure. Even though modern AI models lead to an increase in total power/energy consumption, they can also act as a critical driving force to mitigate the same. To keep up with the growing rise of AI models and the subsequent rise of power/energy consumption, we need to switch to modern approaches rather than relying on conventional engineering. The next generation of datacenter infrastructure will be defined by how well we manage the evolution of hardware design and automated construction to build AI-capable data centers.
By integrating AI at the silicon level and the structural level, we are not just building faster computers; we are building a more intelligent foundation for the future of technology.
Disclaimer: The views expressed in this article are solely those of the authors in a personal capacity and do not represent the views of their employers.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
엔비디아의 최신 세대 AI 칩인 루빈(Rubin) GPU는 올해 말 출하될 예정이지만, 지속되는 지정학적 압박과 공급망 제약으로 인해 공급 지연에 직면할 가능성이 있다.
시장조사업체 트렌드포스에 따르면, 엔비디아 전체 출하량에서 루빈 GPU가 차지하는 비중은 당초 29%에 이를 것으로 예상됐으나, 현재는 2026년 기준 22% 수준에 머물 것으로 전망된다. 트렌드포스는 지연의 주요 원인으로 HBM4 검증 과정, 네트워크 인터커넥트를 CX8에서 CX9로 전환하는 작업, 크게 증가한 전력 소비 관리, 그리고 한층 고도화된 액체 냉각 환경에서의 성능 최적화 과제를 지목했다.
이러한 지연은 차세대 AI 인프라 업그레이드의 다음 단계에 영향을 미칠 가능성이 있다.
엔비디아는 해당 사안에 대한 논평 요청에 즉각적인 답변을 내놓지 않았다.
현재 엔비디아의 블랙웰(Blackwell)과 호퍼(Hopper) 아키텍처와 같은 최신 세대 플랫폼은 학습과 추론 워크로드를 처리하는 데 여전히 충분한 성능을 제공하고 있다. 그러나 루빈은 단순한 GPU 업그레이드를 넘어서는 의미를 지닌다. 연산 밀도와 메모리 대역폭, 전반적인 효율성을 향상시켜 대규모 AI 운영의 경제성을 개선하도록 설계됐다.
그레이하운드 리서치의 수석 애널리스트 산칫 비르 고기아는 “루빈은 토큰당 비용을 낮추고, 대규모 워크로드에 필요한 GPU 수를 줄이며, 대규모 추론을 경제적으로 지속 가능하게 만드는 것을 목표로 한다”라며 “특히 연산 수요를 크게 증가시키는 에이전틱 AI 워크로드로 전환이 가속화되는 상황에서 이러한 변화는 더욱 중요하다”라고 설명했다.
루빈 플랫폼은 고밀도 시스템, 첨단 냉각 기술, 긴밀하게 통합된 아키텍처를 지원할 수 있는 인프라를 갖춘 하이퍼스케일러와 AI 네이티브 기업을 중심으로 초기 도입이 이뤄질 것으로 예상됐다.
일반적으로 하이퍼스케일러는 최신 GPU를 가장 먼저 도입해 내부 인프라와 클라우드 플랫폼에 적용한다. 이후 약 6~12개월에 걸쳐 API와 서비스 형태로 기업에 제공하는 방식이 일반적이다.
컨설팅 기업 테크인사이트의 반도체 애널리스트 마니시 라왓은 “하이퍼스케일러는 블랙웰의 수명을 연장하고 투자 대비 수익률이 높은 워크로드를 우선 배치함으로써 초기 충격을 흡수할 것”이라며 “이로 인해 외부에 제공되는 클라우드 용량은 줄어들고, 가용성은 더욱 제한되며, 가격 변동성은 커질 수 있다. 또한 예약 용량의 중요성도 한층 높아질 것”이라고 분석했다.
라왓은 이어 “기업은 클라우드 기반 AI 인프라에 대한 접근이 제한되고, 차세대 인스턴스의 제공이 지연되는 2차적인 영향을 겪을 가능성이 있다”고 전망했다.
루빈의 출시가 지연되더라도 기업의 AI 도입이 중단되지는 않을 것으로 보인다. 다만 배포 일정과 비용에 대한 기대치는 조정이 불가피하다.
많은 기업의 AI 전략은 향후 등장할 하드웨어가 현재의 비효율성을 개선해 줄 것이라는 기대를 바탕으로 수립돼 있다. 즉, 더 나은 달러당 성능, 더 높은 집적도, 향상된 에너지 효율을 전제로 하고 있다.
고기아는 이러한 상황이 AI 프로젝트 중단으로 이어지지는 않겠지만, 보다 단계적인 도입, 하이브리드 소비 모델의 확대, 그리고 재무적 검토의 강화로 이어질 것이라고 설명했다. 또한 기업은 특정 하드웨어 로드맵에 조기에 종속되는 것을 피하기 위해 추론 중심 배포, 소규모 클러스터, 그리고 유연한 확장이 가능한 하이브리드 아키텍처를 우선시할 것으로 내다봤다.
라왓은 이 같은 변화가 AMD 및 맞춤형 실리콘과 같은 대안으로의 다변화를 가속화하고, CUDA를 넘어서는 소프트웨어 이식성에 대한 관심을 높일 수 있다고 분석했다.
이번 영향은 프라이빗 AI 클러스터와 AI 팩토리 환경과 같은 대규모 프로젝트에서 더욱 두드러질 전망이다.
라왓은 “루빈은 상시 가동되는 AI 팩토리를 위해 시스템 수준에서 최적화된 AI 인프라로의 전환을 의미하며, 뛰어난 비용 효율성과 처리량을 제공하는 것을 목표로 한다”라며 “출시가 지연될 경우 기업은 엔비디아 블랙웰과 호퍼 기반 인프라를 계속 구축하게 되며, 아키텍처 방향성은 유지되지만 경제성은 낮아지고 활용률은 떨어지며 전력 비용과 하드웨어 의존도는 높아질 수 있다”고 설명했다.
트렌드포스는 루빈이 부재한 상황에서 기업이 기존 플랫폼, 특히 엔비디아 블랙웰 아키텍처에 계속 의존할 것으로 전망했다. 이에 따라 2026년에는 GB300 또는 B300 시리즈를 중심으로 블랙웰 플랫폼이 전체 출하량의 70% 이상을 차지할 것으로 예상된다.
라왓은 AI 도입이 워크로드 수요에 기반해 지속되는 만큼, 배포 주기가 분기 단위로 늘어나며 수요가 일시적으로 이연되는 현상이 나타날 수 있다고 분석했다. 다만 루빈 플랫폼이 본격적으로 시장에 공급되면, 억눌렸던 수요가 다시 빠르게 증가할 가능성이 높다고 내다봤다.
dl-ciokorea@foundryco.com
Los resultados de un estudio de Gartner publicado hace unos días muestran que solo el 28% de los casos de uso de la IA en infraestructura y operaciones tienen éxito completo y cumplen las expectativas de retorno de la inversión, mientras que un 20% acaban fracasando. Según Melanie Freeze, directora de investigación de Gartner, el fracaso “ocurre con mayor frecuencia” por varias razones, entre ellas las expectativas poco realistas sobre lo que pueden hacer las herramientas de IA y las carencias de competencias durante la fase piloto.
Aunque estos resultados suponen una mejora con respecto a los preocupantes hallazgos del MIT publicados el año pasado, que revelaban que el 95% de los proyectos de IA general no producen ningún rendimiento financiero cuantificable, existe, según afirmó en una entrevista con CIO.com, una gran cantidad de experimentación entre los departamentos de TI en la que un equipo de profesionales de infraestructura y operaciones “simplemente sale y prueba algo”.
La realidad, según Freeze, es que para lograr el ROI previsto, los departamentos de TI no deben optar por gestionarlos como proyectos secundarios.
En un artículo publicado por Gartner acerca de la encuesta realizada a 783 líderes de infraestructura y operaciones a finales del año pasado, la firma indicó que del 57% de los líderes de infraestructura y operaciones que informaron de al menos un fracaso, “muchos dijeron que sus iniciativas de IA habían fracasado porque esperaban demasiado, demasiado rápido. Daban por sentado que la IA automatizaría inmediatamente tareas complejas, reduciría costes o resolvería problemas operativos de larga data. Cuando las expectativas no se fijan de forma realista y los resultados no aparecen rápidamente, la confianza decae y los proyectos se estancan”.
La encuesta desvela que el retorno de la inversión de la IA no depende de la sofisticación del modelo, sino de lo bien que la tecnología esté integrada, gestionada y alineada con las necesidades operativas reales.
Gartner ha identificado tres factores de éxito. Entre ellos se incluye la integración de la IA en los sistemas y procesos que la gente ya utiliza. “A medida que la IA se convierte en parte de las operaciones cotidianas, impulsa su adopción y genera un impacto visible dentro de la organización”, según la empresa. Los ejecutivos de infraestructura y operaciones con éxito también reciben pleno apoyo de los altos ejecutivos, lo que ayuda a “eliminar obstáculos, alinear prioridades y garantizar que la inversión siga financiada y centrada”, y crean casos de negocio realistas.
Para Freeze, los líderes de infraestructuras y operaciones deben priorizar y determinar la financiación de los casos de uso de la IA “gestionando estos casos como un producto para evitar duplicidades, impulsar sinergias y realizar un seguimiento de su impacto colectivo en los resultados de infraestructura y operaciones y del negocio”. A partir de ahí, estos directivos “líderes de infraestructura y operaciones “pueden trabajar junto con sus CIO y terceras partes de datos y análisis, seguridad, asuntos legales y finanzas para evaluar cada caso de uso en cuanto a viabilidad, riesgo, coste e impacto empresarial esperado. Un modelo de puntuación compartido facilita la comparación y clasificación de todos los casos de uso y orienta las decisiones de inversión”, apunta.
Señala que la mayor parte del éxito proviene de la IA generativa aplicada a áreas específicas: la gestión de servicios de TI (ITSM) y las operaciones en la nube, “donde los mercados están maduros y han demostrado su valor empresarial. De hecho, el 53% de los responsables de infraestructura y operaciones indicaron que sus logros en IA se producen en ITSM”. “Tanto si estos logros se producen en la nube como en ITSM, los líderes de infraestructura y operaciones deben asegurarse de que se difundan ampliamente dentro de la organización y de que la estrategia de IA siga siendo coherente y esté dirigida de forma centralizada”.
Empezar sin un plan, dice Freeze a CIO.com, nunca es una buena idea: “Siempre es una mala situación para cualquier tecnología decir: ‘Lo hemos creado. Va a tener éxito’. Debe basarse en el caso de negocio. ¿Qué necesita su empresa? ¿Cuáles son sus ambiciones? ¿Cuáles son los problemas dentro de su función que su conjunto de herramientas actual no es capaz de resolver? Dentro de ese marco estratégico inicial, entonces llega el éxito”.
También existe el problema de que un proyecto de IA fallido puede afectar a toda una organización. No ser capaz de proporcionar una infraestructura segura, fiable y disponible puede tener importantes implicaciones para los resultados empresariales, añade Freeze.
“Los factores que conducen al fracaso son ligeramente diferentes de los que conducen al éxito”, dijo. “Los responsables de infraestructura y operaciones deben recordar que una cartera de IA claramente definida y respaldada a nivel central ayuda a su organización a centrar los recursos donde más importan. Por encima de todo, una ejecución sólida y la adopción por parte del negocio, y no solo la priorización, determinan el verdadero retorno de la inversión (ROI) de la IA”.
Una vez que las prioridades están claras, añadió Freeze, se puede determinar qué casos de uso merecen financiación y en qué medida. “Hoy en día, muchas iniciativas de IA siguen siendo financiadas por unidades de negocio individuales”, observó. “Sin embargo, a medida que el gasto en infraestructura de IA sigue aumentando, los directores generales y los directores financieros deben desempeñar un papel más activo a la hora de establecer los criterios de financiación y aprobar las inversiones importantes”.
See what you missed in Daily Tech Insider from March 16–20.
The post AI Factories, Security Flaws, and Workforce Shifts Define This Week in Tech appeared first on TechRepublic.
AWS says drone strikes damaged data center facilities in the UAE and Bahrain, disrupting and degrading dozens of cloud services across the Middle East.
The post AWS Data Centers Hit: Drone Strikes Cripple Cloud appeared first on TechRepublic.
As organizations increasingly measure environmental impact towards their sustainability goals, many are focusing on their data centers.
KPMG found that the majority of the top 100 companies measure and report on their sustainability efforts. Because data centers consume a large amount of energy, Gartner predicts that by 2027, three in four organizations will have implemented a data center sustainability program, which often includes implementing a green data center.
“Responsibilities for sustainability are increasingly being passed down from CIOs to infrastructure and operations (I&O) leaders to improve IT’s environmental performance, particularly around data centers,” said Autumn Stanish, Senior Principal Analyst at Gartner. “This has led many down the path of greater spending and investment in environmental solutions, but environmental impact shouldn’t be the only focus. Sustainability can also have a significant positive impact on non-environmental factors, such as brand, innovation, resilience and attracting talent.”
The International Energy Agency (IEA) found data centers account for 1 to 1.5 percent of global electricity consumption. Reducing energy consumption is often a top priority when designing and building a green data center. Because AI uses more computing power than traditional methods, data centers are increasingly using more energy, which is only predicted to increase as use cases for AI continue to expand.
The term green data center does not refer to a single technology, but instead a strategic approach designed to more efficiently use resources that starts at the very beginning of the process. Every decision regarding processes, environment and technology is made with sustainability as a top priority. For example, green data centers often use a smaller physical space and typically use low-emission materials in construction.
However, green data centers add new cybersecurity risks as well as increase known risks. Organizations must keep cybersecurity at the center of each green data center decision.
Here are five green data center trends to consider in terms of cybersecurity when designing and implementing a green data center.
Many green data centers reduce their reliance on traditional air conditioning by using advanced cooling techniques, liquid cooling or precision cooling. These techniques often use IoT devices for monitoring temperatures and energy use. However, IoT devices can provide entry points for cyber criminals to access the network and all connected systems. Additionally, IoT devices expand the potential attack surface area.
By proactively taking steps for each IoT device, organizations can effectively use advanced cooling techniques without significantly increasing their risk. As part of the installation process for each IoT device, administrators should change the preinstalled passwords with complex passwords. Many organizations also use a VPN local virtual private network for IoT devices to limit access to other systems in case of a cybersecurity incident.
Purchasing new equipment regularly for a data center increases its environmental impact as well as costs. Many organizations are using upgrades, refurbishments and efficient maintenance to extend the lifespan. However, older equipment may have more cybersecurity vulnerabilities and be less likely to use the latest (and most secure) technologies and techniques. By regularly evaluating the benefits of continuing to use a piece of equipment for sustainability reasons with its cybersecurity risk, organizations can make a balanced decision. Additionally, installing all updates in a timely manner also reduces risk.
Explore cybersecurity servicesA common technique to reduce resources in data centers is virtualization. Because virtualization involves creating an abstract layer over computer hardware, organizations can use less physical equipment, resulting in lower energy consumption. A single physical server often runs multiple servers. Because virtual servers consume less energy, this often significantly reduces energy consumption.
However, virtual servers contain more entry points for breaches and attacks than physical servers. Additionally, cyber criminals often target the hypervisor that manages the virtual machines. By compromising the hypervisor, threat actors take control of a large portion of the data center and can inflict significant damage, especially through a ransomware attack.
Organizations can reduce their virtualization risk by ensuring that the user privileges for the virtual machines and hypervisor are appropriate for each person’s work-related tasks. By using segmentation in virtualized environments, cyber criminals can only access a small portion of the network and systems, which limits damage. Additionally, organizations should regularly audit which users have escalated privileges in a domain controller to reduce attackers waiting in the wings.
By shifting from such as fossil fuels to renewable sources like solar, wind or hydropower, data centers can decrease their reliance on non-renewable energy and reduce the emission of greenhouse gasses. Because solar and wind farms are often in different locations than the data centers themselves, using these energy sources creates a larger attack area that increases the risk. Additionally, each system used for the new energy source adds to the surface area as well. Renewable energy sources also often use the power grid and the internet, which creates new sources of vulnerability. Because these energy sources often contain a high volume of sensitive data, organizations must proactively mitigate the risk of a data breach and compliance issues.
Green data centers typically use a DCIM to monitor and manage all aspects of the data center infrastructure, including power distribution and cooling systems, from a single location. Because of the real-time monitoring of power consumption, organizations can identify issues and make changes quickly to reduce the environmental impact instead of waiting until after the impact has occurred.
Due to its integration with other systems, the DCIM creates a target for attackers to gain access to other data. The high level of integration makes it possible for threat actors to gain access to the DCIM from other interconnected systems. Organizations must focus on creating strong access controls to make sure that only authorized users gain access to reduce data leaks and breaches.
Because sustainability is the top concern with a green data center, organizations can inadvertently make decisions that increase cybersecurity vulnerabilities. With a balanced approach that considers both sustainability and cybersecurity, organizations can reduce the environmental impact of their data center while also reducing the risk of a breach or attack.
The post How secure are green data centers? Consider these 5 trends appeared first on Security Intelligence.
Entrar