What does building an effective IT organization require?

We’ve been asking and answering that question for the past few weeks (starting here, with business integration; last week we covered process maturity).

What’s next? Technical architecture, which is to say the stuff IT is responsible for building, installing, and maintaining. To line everything up:

  • Business integration is how IT figures out what it’s supposed to provide to the rest of the business.
  • Process maturity is how IT provides it.
  • Technical architecture is what it provides.
  • We’ll wrap things up with Human Performance – the factors and practices that make sure the best people are in place to make sure IT is integrated into the business.

I covered technical architecture in depth in my CIO.com feature, the CIO Survival Guide. The links are here:

So far as the processes and practices required to achieve and evaluate a strong and resilient technical architecture are concerned, these three articles pretty much cover the ground.

Bob’s last word: What these articles don’t cover is (blare of trumpets) … yes, that’s right: the importance of a culture of architecture to complement the culture of process discussed last week.

And I don’t have anything new to say on the culture front, so just re-read what I wrote there.

That makes this week’s KJR pretty short. Which is okay – I’m trying hard to follow a piece of advice I’ve both given and received over the years, which is that if I don’t have anything to say I don’t have an obligation to say it.

So instead, I’m going to give in to an irresistible temptation: an observation about Elon Musk’s decision to re-brand Twitter as “X”.

My take, based on nothing but speculation, is that Elon Musk must be the smartest person in the room, no matter what the room is, who’s in it, and what they’re talking about.

Among the consequences is an inability to recognize anyone else’s good ideas.

So I’m imagining a meeting of Twitter’s executive leadership team. The subject is how to turn Twitter into a going concern. Of the ideas floated around, the only one Musk could put his name on is changing Twitter’s name and brand.

Because it was Musk’s idea, it was, by definition, brilliant! Also the only brilliant idea spoken, a natural consequence of Musk having to be the smartest person in the room.

Again, I’m just speculating. But on the other hand, can you offer a plausible alternative explanation?

This week in CIO.com’s CIO Survival Guide: “7 IT consultant tricks CIOs should never fall for.” Fixing what’s broken by breaking what’s fixed plus 6 other common consulting misdeeds.

We Must Regulate A.I. Here’s How,” writes Lina Khan, chair of the Federal Trade Commission, in the 5/3/2023 edition of the New York Times.

Ms. Khan is not stupid, and she makes a compelling case that unregulated generative AI might result in many deleterious outcomes. Regrettably, she misses the mark in two key aspects of the situation.

The first is easy to spot: That unregulated AI might be problematic doesn’t mean regulated AI will not be problematic.

The second and more consequential: Defining generative AI as a category will prove challenging at best.

The reason? Generative AI technologies are already sliding down the slippery evolutionary slope that many earlier technologies have traversed, from application-layer solutions to platform-layer building blocks.

If the point isn’t clear, consider SharePoint. It started out as an application – a document management system. As Microsoft steadily added capabilities to it SharePoint morphed, from a DMS into a general-purpose application development environment.

Imagine some of SharePoint’s capabilities are starting to look alarming in some way or other.

No, not annoying. Alarming. Enough so that various pundits called for its regulation.

Would that mean every application programmed using SharePoint as, say, its DBMS should be … heck, could be … subject to regulation?

Well, SharePoint-as-Platform could, in theory, be regulated as a thing. That might last for a short while, but only until Microsoft disaggregated SharePoint as a platform, breaking it up into a collection of operating system services, much as happened with browser capabilities decades ago.

We can expect the same with generative AI. Its capabilities, from researcher-and-essay-writer to deep-fake-creator, will, we can predict with confidence, become embedded as platform-layer technologies in large-scale application suites, where their regulation will be no more possible than regulating any other embedded IT platform technology.

Put differently, generative AI will be built into general-purpose business applications. It’s easy to envision, for example, generative-AI-enabled ERP, CRM, and HRIS suites. Try to imagine distilling and regulating just the generative-AI capabilities that will be built into these already-familiar application categories.

The threat(s)

I asked ChatGPT to list the five most important generative AI threats. It answered with five versions of the same threat, namely, misinformation and disinformation, whether in the form of deepfakes, counterfeits, or other incursions into what’s real.

The threats, from where IT sits

Just my opinion here (not ChatGPT’s opinion): The single most obvious threat from generative AI is to information security. Deepfakes will vastly increase an organization’s vulnerability to the various forms of phishing attack, with all their well-known data-theft and ransomware consequences.

Generative AI will also create whole new categories of business sabotage. Imagine the damage an unscrupulous competitor could do to your company’s image and brands using even the current generation of deepfake creation software. If this doesn’t look to you like an IT problem, it’s time to re-think what you consider IT’s role in the business to be.

A popular framework for formulating business strategy, re-framed for the KJR perspective, is TOWS, which stands for Threats, Opportunities, Weaknesses, Strengths. As has been pointed out here from time to time, a capability is an opportunity when your business achieves it and a threat when a competitor does. And many of today’s business threats and opportunities come from new forms of information technology.

So it isn’t good enough for IT to implement and manage business applications and their underlying platforms and declare the business mis-uses of generative AI as Someone Else’s Problem. IT’s has strategic roles to play, including the identification of IT-driven threats and opportunities.

If not regulation, then what?

Getting back to how we as businesses and as society as a whole should be dealing with the threats and opportunities posed by generative AI, regulation isn’t going to do us much good.

What will? First, foremost, and most obviously we can expect the purveyors of anti-malware products to build machine-learning technology into their products, to identify generative-AI-based phishing and other penetration attempts.

Second, we can expect the purveyors of marketing automation systems to build machine-learning-based content scanning capabilities into their products, to help you spot deepfake and other brand-damaging content so your marketing department is equipped to deal with this category of IT-driven business threat.

Bob’s last word: More generally, there are problems in this world for which centralized governance provides the best … and sometimes only … solutions. There are others for which a marketplace model works better.

When it comes to generative AI, and this is just my opinion, mind you, the marketplace approach will prove to be quite unsatisfactory.

But far more satisfactory than any regulatory alternative.

Sometimes, in the wise words of Argo’s Tony Mendez, we have to go with the best bad plan we have.

Bob’s sales pitch: Every week in Keep the Joint Running I try to provide perspectives subscribers will find useful, readable, and unconventional – there’s no point in being repetitious, and even less point in being boring.

You’re the only form of promotion I use, so if you find KJR’s weekly points of view valuable, it’s up to you to spread the good word.

This week on CIO.com’s CIO Survival Guide: “7 venial sins of IT management.” They aren’t the worst things a CIO can do, but they certainly aren’t good ideas.